Re: [users@httpd] Spoofing URLs in the address bar

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 11/15/06, gdwfkd@xxxxxxxxx <gdwfkd@xxxxxxxxx> wrote:
Is it possible to display a different URL than the actual site that the
browser is contacting in the address portion of a browser?  I had thought
the only options for the URL were either the actual site, or the proxy
server site in the instance where you are using a proxy.

I'm asking this as a security question.  If a user gets an email and clicks
on a link (the HREF can say anything it wants), is it possible to have the
browser show http://www.citibank.com in the address bar when it's really
connected to some Chinese malware site?

I know that there are exploits out there for IE, but lets assume I've got
fully patched IE or Firefox and that we don't have some bizarre DNS tainting
or the like going on.

I'm not sure why this question is here; it has nothing directly to do
with Apache.

The answer is, excluding browser bugs, it is impossible for someone
who does not control a site to make that site appear in the location
bar.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux