Jonathan Vanasco wrote:
> > Unfortunately, Amit Klein published some research in July that
> > demonstrated how to do this with Flash. So, if your users use
> > clients that support Flash (which most do), this is not a good
> > safeguard.
>
> Do you have a link to that?
http://webappsec.org/lists
Looks like they are Apache2::Const and Apache2::compat now.
Ben K. wrote:
Well, I did "force install" and tried it for some time, but couldn't
make it work with a few modifications.
There are errors about Apache::Const and Apache::compat - they're not
in apache2 space any more.
I'll do mor
On Mon, 9 Oct 2006 14:42:10 -0500 (CDT)
"Ben K." <[EMAIL PROTECTED]> wrote:
>
> Well, I did "force install" and tried it for some time, but couldn't
> make it work with a few modifications.
>
> There are errors about Apache::Const and Apache::compat - they're not
> in apache2 space any more.
>
>
Hi,
I've tried to include everything that the doc suggested. I'd appreciate
any feedback on this. I'm trying to upgrade from Apache 1 to Apache 2.2
and need mod_perl as the existing web sites rely on it.
1. Problem Description:
Building mod_perl 2.0.2 for Apache 2.2.3 on SunOS ecnext00 5.10
Well, I did "force install" and tried it for some time, but couldn't make
it work with a few modifications.
There are errors about Apache::Const and Apache::compat - they're not in
apache2 space any more.
I'll do more probing this evening.
Regards,
Ben K.
On Mon, 9 Oct 2006, David Castro wr
Clinton Gormley wrote:
> If the input that you are wanting to display is (eg) a surname,
> then certainly, escaping will serve your purposes. However, if
> you are wanting your user to be able to input HTML and then
> view it as HTML, escaping isn't sufficient. The combination is
> required.
That
> This sounds like a good approach, but it's worth noting that XSS is
> fundamentally an escaping problem, not a filtering one. Nitesh Dhanjani
> discusses this a bit here:
>
> http://oreillynet.com/onlamp/blog/2005/10/repeat_after_me_lack_of__outpu.html
>
Yes and no. From the article:
---
Clinton Gormley wrote:
> HTML::StripScripts::Parser has a default deny everything approach,
> and reconstructs the HTML fed to it, so unless it makes sense as
> html, it doesn't get passed through and reconstructed.
This sounds like a good approach, but it's worth noting that XSS is
fundamentally
I've added "PerlTrace all" in apache2.conf after having compiled
mod_perl with the MP_TRACE flag on.
Kevin A. McGrail wrote:
Sorry I don't have an answer to your question, however, can you tell me
how you were able to get trace messages this useful!!!?
Regards,
KAM
- Original Message - Fr