> Marcin, I'm also curious about your statement about security hole when > spoofing a domain name via mod-rewrite. Isn't mod-rewrite *all* about > spoofing URL's (which can include domain name part)? As you mentioned, remapping is not the same as spoofing. Imagine someone's ability to send you back URI www.yourbankname.com as the current domain when you're actually at nastysite.thief.com (obviously, that's simply impossible, but if you look at the senders question, it's kinda that what he's trying to achieve - of course, in this case, with innocent subdomain spoofing) --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|