lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun Jun 4 00:22:48 2006 From: houdini+full-disclosure at clanspum.net (Bill Weiss) Subject: Tool Release - Tor Blocker Bill Weiss(houdini+full-disclosure@...nspum.net)@Sat, Jun 03, 2006 at 11:15:58PM +0000: > 3) I think you've just suggested giving a webpage (one which may be > hostile towards your goals) control over who can and cannot access your > web server. What happens if one day that CGI hands you a list containing > every IP in your /24? I know that, if I ran said webpage, I would be > tempted to do so every once in a while. 3b) A more crafty (less hostile) person at that webpage could just give you a huge list. strcmp() over 1m list items on every webpage hit? Sounds like fun! -- Bill Weiss
Powered by blists - more mailing lists