On Thu, Oct 11, 2012 at 10:25 AM, Kurtis Mullins <kurtis.mull...@gmail.com> wrote: > Sorry, you're probably right. I imagine there are no security risks related > to pulling a host-name from a DNS server. However, I do not know if the case > is the same for an HTTP Proxy when the query is included in the URL.
a malicious DNS would lead the client to a rogue server, but if the client checks the server certificate, it wouldn't fly (that's what i meant by "sever identity verification") a malicious HTTP proxy rarely would be transparent. Even in that case, it would only see who is communicating with who. The whole stream (including the HTTP verbs, URL, parameters, bodies, etc) is opaque if encrypted with SSL. That's why you should always use https. -- Javier -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
