Welcome! Log In Create A New Profile

Advanced

Re: Is $http_host dangerous?

May 27, 2012 06:16PM
Actually, I should reconsider my position on this after reading this:
http://stackoverflow.com/questions/1459739/php-serverhttp-host-vs-serverserver-name-am-i-understanding-the-ma

I am not sure how nginx reacts to that, but according to you Francis, you seems to be inline with Chris Shiflett that neither is safe nor insecure. They are pretty much the same thing.

Under one circumstances, can you think of a way to exploit when using $http_host?
Subject Author Posted

Is $http_host dangerous?

jwxie May 26, 2012 07:00PM

Re: Is $http_host dangerous?

Francis Daly May 27, 2012 07:24AM

Re: Is $http_host dangerous?

x7311 May 27, 2012 05:56PM

Re: Is $http_host dangerous?

x7311 May 27, 2012 06:16PM

Re: Is $http_host dangerous?

Francis Daly May 27, 2012 07:22PM

Re: Is $http_host dangerous?

Francis Daly May 27, 2012 08:30PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 63
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready