RE: Script Injections
- From: "David Farinic" <davidf@xxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 23 Feb 2005 16:03:06 +0100
I never saw any RFC restriction to put "<" ">" out of any URL.
Anyway it is used on internet (as I mentioned some time ago) therefore
restricting it will result in problems.
More security-less features, ratio decision is up to you.
Additionally Cross site scripting checking has to be done on web server
application side not on client side level or client's proxy otherwise it
doesn't solve problem.
Regards DavidF
callto://spaceq
________________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, February 23, 2005 3:39 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Script Injections
http://www.ISAserver.org
Hi Rob,
This should be a good start
http://www.faqs.org/rfcs/rfc1630.html
Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
________________________________________
From: Rob Moore [mailto:RMoore@xxxxxxxx]
Sent: Wednesday, February 23, 2005 8:24 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Script Injections
http://www.ISAserver.org
Hey Jim--
Any chance you've had a mo to find these RFCs? I've been looking for them
myself with no luck. If you could even just point me to the right place, that
would be great.
Thanks,
Rob
This mail was checked for viruses by GFI MailSecurity.
GFI also develops anti-spam software (GFI MailEssentials), a fax server (GFI
FAXmaker), and network security and management software (GFI LANguard) -
www.gfi.com
Other related posts:
