[Typo3-dev] Security Problem - HTML
Dominic Brander
typo3_db at snowflake.ch
Tue Sep 23 16:34:19 CEST 2003
good idea!
Christoph Moeller wrote:
> René Fritz schrieb:
>
>> So why not make the security stronger rather than make workarounds? Which
>> means to include the IP from where a user logged in, in the current
>> session.
>>
>> Then an attacker has to steal the cookie AND has to simulate the IP
>> which is really hard to do.
>
>
> Good one - /me taking the wooden board off of his forehead...
> Should be fairly easier than fiddling with regexps to do malicious
> HTML code detection/notification.
>
> Is that a big deal in terms of code changes? I personally don't exactly
> know at what places the BE cookie is checked for.
>
> Chris
--
dominic brander
________________________________________________________________________
dominic brander - snowflake productions gmbh
tel. CH +41 1 451 75 71 - fax. CH +41 1 451 63 80
tel. D +49 89 31 56 78 15 - fax. D +49 89 31 56 78 16
mobile +41 76 493 25 88
http://www.snowflake.ch
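
The idea discussed in this thread (store the login IP with the session and reject the cookie when it arrives from another address), as an added example that is not part of the original messages and is not TYPO3 code. The class IpBoundSessions, its methods and the $octets setting are hypothetical; it assumes PHP 8 and compares only the leading IPv4 octets when $octets is below 4, for users whose address changes within one network.

```php
<?php
declare(strict_types=1);
// Hypothetical in-memory store; a real backend keeps this server-side.
final class IpBoundSessions
{
    /** @var array<string, array{user: string, ip: string}> */
    private array $sessions = [];
    // $octets: how many leading IPv4 octets must match (4 = exact address).
    public function __construct(private int $octets = 4) {}

    public function login(string $user, string $remoteIp): string
    {
        $id = bin2hex(random_bytes(16));   // value handed out as the cookie
        $this->sessions[$id] = ['user' => $user, 'ip' => $remoteIp];
        return $id;
    }

    // Returns the user name, or null for an unknown cookie or a changed IP.
    public function validate(string $cookie, string $remoteIp): ?string
    {
        $s = $this->sessions[$cookie] ?? null;
        if ($s === null) {
            return null;
        }
        if (!$this->sameOrigin($s['ip'], $remoteIp)) {
            unset($this->sessions[$cookie]);   // cookie is useless afterwards
            return null;
        }
        return $s['user'];
    }

    private function sameOrigin(string $a, string $b): bool
    {
        $isV4 = fn(string $ip): bool =>
            filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false;
        if (!$isV4($a) || !$isV4($b)) {
            return $a === $b;                  // non-IPv4: exact match only
        }
        $pa = array_slice(explode('.', $a), 0, $this->octets);
        $pb = array_slice(explode('.', $b), 0, $this->octets);
        return $pa === $pb;
    }
}

// Constructed demo values (documentation address ranges).
$sessions = new IpBoundSessions(4);
$cookie = $sessions->login('editor', '192.0.2.10');
var_dump($sessions->validate($cookie, '192.0.2.10'));    // same address as login
var_dump($sessions->validate($cookie, '198.51.100.7'));  // cookie replayed from elsewhere
```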