Password Reset and Web-Cache Poisoning (and a Little Surprise in RFC-2616)

Password Reset and Web-Cache Poisoning (and a Little Surprise in RFC-2616)(skeletonscribe.net)

2 points by d0bby 7 years ago | 1 comment

d0bby 7 years ago |

"How does a deployable web-application know where it is? Creating a trustworthy absolute URI is trickier than it sounds. Developers often resort to the exceedingly untrustworthy HTTP Host header (_SERVER["HTTP_HOST"] in PHP)"...

d0bby 7 years ago |

"How does a deployable web-application know where it is? Creating a trustworthy absolute URI is trickier than it sounds. Developers often resort to the exceedingly untrustworthy HTTP Host header (_SERVER["HTTP_HOST"] in PHP)"...