Re: How to hide http requests
****** message to minivend-users from Frank Miedreich <miedreich@acm.org> ******
>I've noticed when I run my version of minivend, it sends all html requests
>to the address line of my browser with the commands fully exposed. (i.e.
>http://my.com/cgi-bin/simple.exe/scan/mp=0/se=STORE/tf=category) This leads to many
>potential problems, especially if someone with the proper amount of
>knowledge of minivend inserts a malicious command-line. Is there a way to
>alias this so that I can mask what this is doing? If so, how?
>
>
Hi,
If you have an installation that can be compromised by malicious command
lines, you need to solve the problem, not hide it. Frames could be
used to hide the URL from appearing in the browser, yet it would still be
visible by looking at the source.
You could add an encryption layer between minivend and the web server
daemon, but the security holes would remain; they would just be hidden
better. Your goal should be to make sure that even malicious command lines
do not compromise your catalog.
That's just my 0.02 EUR.
Cheers, Frank
--
Frank Miedreich
Max-Planck-Institut fuer psychologische Forschung