You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Thom May <th...@planetarytramp.net> on 2003/01/23 16:59:55 UTC
(forw) [thor@pivx.com: RE: TRACE used to increase the dangerous of XSS.]
I think this covers most of the points...
Re: (forw) [thor@pivx.com: RE: TRACE used to increase the dangerous
of XSS.]
Posted by Rich Bowen <rb...@rcbowen.com>.
On Thu, 23 Jan 2003, Thom May wrote:
> I think this covers most of the points...
<Note from Thor Larholm snipped>
We're getting more and more paniced people coming on IRC and asking
about TRACE, what they should do about it, and why there isn't a
flashing red sign about it on the apache.org front page. It was my
understanding, now reinforced by Thor's note, that this was a lot of
hogwash and hype, but, the argument goes, WhiteHat is a *company*, and
they have a *cool name*, so they can't be full of crap, can they? So, I
was wondering if there's any chance we can make come kind of official
statement about this that I can point people to. People tend to get
quite offended and beligerent when I try to explain to them the points
made in Thor's note.
--
Rich Bowen - rbowen@rcbowen.com
Author - Apache Administrator's Guide
http://www.ApacheAdmin.com/