[horde] Potentially Dangerous URL

Martin Lohmeier martin at mein-horde.de
Sat Jul 16 08:14:35 PDT 2005



Jan Schneider wrote:
> Quoting Martin Lohmeier <martin at mein-horde.de>:
>
>
>>Can someone tell me why URLs that point to the same host are potentially
>>dangerous (see horde/services/go.php)?
>
>
> Because it is a URL created from user input that might trigger an
> action inside Horde.

Maybe it's a good idea to compare the application's webroot with the URL
(in addition to the hostname). This way it is possible to determine if
the URL points into Horde or not.

Bye, Martin
- --

Powered by Debian GNU / Linux

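The check suggested in the message above, as an added example that is not part of the original post and not Horde's code: a URL counts as pointing into the application only when both the host and the normalized path prefix match. The function names, the host `example.org` and the webroot `/horde` are assumptions made for illustration; ports are not compared.

```php
<?php
// Added example, not Horde code. Function names, $appHost and $webroot
// are hypothetical; port numbers are deliberately ignored here.

/** Percent-decode the path once, then resolve "." and ".." segments. */
function normalize_path(string $path): string
{
    $out = [];
    foreach (explode('/', rawurldecode($path)) as $seg) {
        if ($seg === '' || $seg === '.') {
            continue;
        }
        if ($seg === '..') {
            array_pop($out);
            continue;
        }
        $out[] = $seg;
    }
    return '/' . implode('/', $out);
}

/** True when $url targets the application's own host and webroot. */
function url_points_into_app(string $url, string $appHost, string $webroot): bool
{
    $parts = parse_url($url);
    if ($parts === false) {
        return true; // unparseable input: keep treating it as dangerous
    }
    $rawPath = $parts['path'] ?? '';
    if (!isset($parts['host'])) {
        // Host-less URLs resolve against the current host; a path without a
        // leading slash resolves relative to go.php, which is inside the app.
        if (strncmp($rawPath, '/', 1) !== 0) {
            return true;
        }
    } elseif (strtolower($parts['host']) !== strtolower($appHost)) {
        return false;
    }
    $path = normalize_path($rawPath);
    $root = rtrim(normalize_path($webroot), '/');
    // Match on a segment boundary so /horde does not also match /horde-docs.
    return $root === '' || $path === $root || strpos($path, $root . '/') === 0;
}

// Constructed sample inputs.
foreach (['/horde/imp/x.php?a=1', 'http://example.org/horde/../other/',
          '/horde-docs/', 'http://other.example/horde/'] as $u) {
    printf("%-40s %s\n", $u,
        url_points_into_app($u, 'example.org', '/horde') ? 'inside app' : 'outside app');
}
```

URLs classified as inside the app are the ones the quoted reply calls potentially dangerous, so the uncertain cases (unparseable or relative input) deliberately fall on that side.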
