2008/6/29 Krzysztof Oledzki <ole#ans.pl>:
> What if a guest user sets the cookie itself?
>
Hi,
Good point! I've been looking at the emails and indeed the usage of a cookie without a lookup cannot be reliable in a security-based approach. Let's hope that the caching proxy only accelerates and that the only consequence would be to bypass it and directly hit the dynamic content servers - loading them slightly more.
This would be an easy way to DoS via the public site if an attacker knew
this.
But anyway to some extent we are all vulnerable to this kind of attack,
(except if named Google and Akamai maybe ....)
Cheers!
Patrick

Received on 2008/06/30 04:20
This archive was generated by hypermail 2.2.0 : 2008/06/30 04:30 CEST