Matus UHLAR - fantomas a écrit : > On 05.06.09 23:55, mouss wrote: >> localhost.netoyen.net has address 127.0.0.1 >
oh, I didn't even realize it was the .$domain" one! old habit to avoid nslookup barking and then lusers asking what's the problem... > Actually, I think this is not good. "localhost." should resolve, but putting > localhost to other domains even with 127.0.0.1 address is something that > should be imho avoided ;) > why? if it's because of xss and the like, it doesn't apply here, because attacker can use http://localhost/ as well (or even http://127.0.0.1/). or am I missing something?
