[4043] in WWW Security List Archive
Re: Front-Page extensions?
daemon@ATHENA.MIT.EDU (Leonid S Knyshov)
Thu Jan 23 01:07:30 1997
To: adam@homeport.org
Cc: wiseleo@juno.com, www-security@ns2.rutgers.edu
Date: Wed, 22 Jan 1997 18:49:25 PST
From: wiseleo@juno.com (Leonid S Knyshov)
Errors-To: owner-www-security@ns2.rutgers.edu
>No, we must filter to only allow those characters we know are safe,
>otherwise most people will make the etc set too small, and allow
>attacks.
>
>That which is not explicitly permitted is denied.
>
>Adam
>
Thanks for correcting me, sorry for confusion :)
Too many server admins unfortunately don't know that...
It is estimated 80+ % of web servers are vulnerable nowdays, the entire
world needs to be educated :(
Leo.
