RE: [users@httpd] Cross-site scripting over ssl

2011-12-15 Thread Saeedahmed Subedar
Thanks. Regards, SaeedAhmed Subedar, BSLI 91-022-39961356 -Original Message- From: Mark Montague [mailto:m...@catseye.org] Sent: Thursday, December 15, 2011 8:11 PM To: users@httpd.apache.org Subject: Re: [users@httpd] Cross-site scripting over ssl On December 15, 2011 6:31 , Saeedahme

Re: [users@httpd] Question on ApacheBench - Modifying POST Data between runs.

2011-12-15 Thread R J
Thank you for your suggestions. On Wed, Dec 14, 2011 at 5:20 PM, Simone Caruso wrote: > Jmeter is a great tool for benchmarking > > -- > Simone Caruso > IT Consultant > +39 349 65 90 805 > > - > The official User-To-User support

Re: [users@httpd] Cross-site scripting over ssl

2011-12-15 Thread Mark Montague
On December 15, 2011 6:31 , Saeedahmed Subedar wrote: I have a web application on Apache Http Server over SSL. Isn’t application level cross-site scripting taken care of since requests and responses are encrypted in SSL? No. From https://www.owasp.org/index.php/XSS Cross-Site Scripting

Re: [users@httpd] HTTPS local site -> HTTP remote destination & referer pass-through

2011-12-15 Thread Christoph Pilka
Hi Tom et al. hm, OK. I've noticed that some sites do exactly what we need in our case: disobeying this "SHOULD NOT" in RFC 2616. E.g. I'm logged in at Facebook and click a link to one of the sites I have log access to. I'm using HTTPS at the Facebook site. The referer header appears within my

Re: [users@httpd] high load average

2011-12-15 Thread Tom Evans
On Thu, Dec 15, 2011 at 12:18 PM, Diego Maciel Gomes wrote: > hey Guys... > > I need help :) > > I have an intranet running with LAMP. I have a server with 8gb mem and 4 > procs for this. My apache is 2.2.3 > > I have about 400 users connected (ps -ef |grep httpd |wc -l) > > At this moment, I'm usi

[users@httpd] high load average

2011-12-15 Thread Diego Maciel Gomes
hey Guys... I need help :) I have an intranet running with LAMP. I have a server with 8gb mem and 4 procs for this. My apache is 2.2.3 I have about 400 users connected (ps -ef |grep httpd |wc -l) At this moment, I'm using 4.3gb of mem and sometimes I have a high use of procs.. My load average

Re: [users@httpd] HTTPS local site -> HTTP remote destination & referer pass-through

2011-12-15 Thread Tom Evans
On Thu, Dec 15, 2011 at 10:59 AM, Christoph Pilka wrote: > Howdy, > > according to RFC 2616 chapter 15.1.3 "Clients SHOULD NOT include a Referer > header field in a (non-secure) HTTP request if the referring page was > transferred with a secure protocol" which makes sense in certain > circumsta

[users@httpd] Cross-site scripting over ssl

2011-12-15 Thread Saeedahmed Subedar
I have a web application on Apache Http Server over SSL. Isn't application level cross-site scripting taken care of since requests and responses are encrypted in SSL? Regards, SaeedAhmed Subedar, BSLI The information contained in this electronic communication is intended solely for the indivi

[users@httpd] HTTPS local site -> HTTP remote destination & referer pass-through

2011-12-15 Thread Christoph Pilka
Howdy, according to RFC 2616 chapter 15.1.3 "Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol" which makes sense in certain circumstances because of sensitive data the HTTPS request would hand over. But

RE: [users@httpd] Cross-site scripting implementation

2011-12-15 Thread Saeedahmed Subedar
Thanks. Regards, SaeedAhmed Subedar, BSLI -Original Message- From: Eric Covener [mailto:cove...@gmail.com] Sent: Thursday, December 15, 2011 12:17 PM To: users@httpd.apache.org Subject: Re: [users@httpd] Cross-site scripting implementation On Thu, Dec 15, 2011 at 2:17 PM, Saeedahmed S

[users@httpd] A question about "Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers"

2011-12-15 Thread thomas2004
Hi all, I was recently informed by our IT-security team that a security leak was found by Apache Httpd (see [1]). This leak was fixed but it seems Apache hasn't delivered the fixed version. Who knows when I can get this new fixed version? [1] http://securitytracker.com/id/1026353 -- View thi