On Jul 8, 2005, at 12:02 PM, Ezra Nugroho wrote:
I am just wondering, how could someone craft an html to steal cookies?
If your cookie distribution is done right, I don't think you need to
worry about this.
That's what XSS is all about. I don't have the link handy but I do have
a PDF file that I found
a while back that explains how this happens, and to tell the truth, it
scared the s*** outa me.
To the point that I really don't trust any online commerce, although I
do still use it, just as
I still give the waitress/waiter my credit card at a restaurant, even
though I know that's where
most of the identity theft/stolen CC numbers comes from.
There are a gazillion of sites (CMS-based, wiki-based, etc, including
php.net) that allow users to contribute html. They are not concern
about
security of data delivery.
Yeah I know... :P
I think, page breaking html is more prominent issue, which you could
eliminate with BBcode or wiki language.
Perhaps you are being a little paranoid?
Or do I miss something?
So yeah, I'm being paranoid but I'm also trying to cover as many bases
as I can and yet
still provide some decent functionality.
Edward Vermillion
evermillion@xxxxxxxxxxxx
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
