From: Tim (tim-pentest@sentinelchicken.org)
Date: Wed Dec 13 2006 - 06:45:17 EST
> It has several drawbacks, to
> name only some that come in mind:
> * local browsing history
> * possible proxies
> * cached sites
> * web server logs
> * possible bookmarks
> * possible links containing sensitive information, sent by it's users
> * possible XSS vulns become _really_ powerful
Also, don't forget referrers. If your site has sensitive info in the
URL, and you link to any other site (or someone controlling content on
your site does), then users who click that link will unwittingly give
away that sensitive information to the third party.
Like dork@gmx.at said, there are lots of reasons not to do this. It
doesn't matter what browser is being used, the design sounds flawed.
tim
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:27 EDT