Chris Shiflett wrote:
--- Sean Burlington <[EMAIL PROTECTED]> wrote:
I'm not sure what harm could be done by this though.
if a browser attempts to load an image reference by
an
I sent a response about this earlier, but you should
research CSRF and XSS.
It does not matter that the browser sh
--- Sean Burlington <[EMAIL PROTECTED]> wrote:
> is there really any site which will accept a book
> order based on a single GET?
Well, yes, but that is not the point really. The example of
the tag is just one way you can forge an HTTP request
from another user (the victim).
Also consider that ma
--- Sean Burlington <[EMAIL PROTECTED]> wrote:
> I'm not sure what harm could be done by this though.
>
> if a browser attempts to load an image reference by
> an I would expect it simply to ignore it...
I sent a response about this earlier, but you should
research CSRF and XSS.
It does not mat
Gibbs, Liam - SXIA wrote:
I agree that there are risks - but I do think this can be done safely
Couldn't you just check the submitted URL and find out if it's a gif or
jpeg? I don't think even PHP-enabled servers will run a gif or jpeg.
please send replies to the list ...
and you can't tel
On Wednesday 22 January 2003 01:40, Sean Burlington wrote:
> is there really any site which will accept a book order based on a single
> GET ?
Amazon makes a big deal of their "one-click" shopping feature. It's so good
they've even patented it.
--
Jason Wong -> Gremlins Associates -> www.gremli
Chris Shiflett wrote:
--- Chad Day <[EMAIL PROTECTED]> wrote:
I want to give my users the ability to submit a URL
to a database, then when they pull up their page,
their photo is included .. what I'm worried about
is them pointing the link to some malicious code or
something..
Your instincts
--- Chad Day <[EMAIL PROTECTED]> wrote:
> I want to give my users the ability to submit a URL
> to a database, then when they pull up their page,
> their photo is included .. what I'm worried about
> is them pointing the link to some malicious code or
> something..
Your instincts serve you well.
I guess you use some webserver, let's take apache.
Apache's mime.conf has set several extensions,
also php extensions. So only .php, .php3, .php4
files will be parsed by php.
Chad Day wrote:
I want to give my users the ability to submit a URL to a database, then when
they pull up their page, the
I want to give my users the ability to submit a URL to a database, then when
they pull up their page, their photo is included .. what I'm worried about
is them pointing the link to some malicious code or something..
Obviously I can validate the file extension (.gif or .jpg) .. and I'm going
to for
9 matches