Comment 7 for bug 234629
Revision history for this message
| Valentin Lorentz (progval) wrote Re: [Bug 234629] Re: supybot !web title leaks LAN HTTP servers to the channel | #7 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
I don't see in what it would be hard to guess it. Bot admins should know the difference between a website accessible from the Internet and a website accessible from a local net: nothing.
More over, I don't think knowing the title of a page is that dangerous.
The only risk is if there is some kind of web application that allows to run actions based on GET parameters, which is a known _very bad_ design pattern, also known as. CSRF (which means something like Cross Site Request Forgering).
Ralph Corderoy <email address hidden> wrote:
>> There isn't warning about "Unix progstats" command giving out PID,
>> username, ...
>
>It doesn't need one. It sounds more likely that it would give out that
>kind of thing from its name. That a plugin typically used to print the
><title> of public web pages can be used to poke about the LAN isn't so
>obvious IMHO.
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.