On 07/26/2014 12:05 PM, Stakres wrote:
> Hi All,
>
> Feel free to modify the script (client side) to not send all requests.
> As Cassiano said, only the YouTube urls need to be rewritten...

My point here is that you have not mentioned anywhere that your script collects information.

Script is made by Unveiltech and it sends all data to Unveiltech servers.

Your server can very easily send a redirection to their own server and fetch the username OR password of any site. (If the end user is not technically sound)

For example, your server can easily redirect http://login.google.com to http://storeid.unveiltech.com/login.google.com/ (which looks exactly the same as the Google login page). The end user will not even know what is happening.

Not sure if you did this on purpose OR you are new to programming that you did not realize this huge security and privacy angle.

Additionally your script is "one small function" modification EXAMPLE redirector script. A real script would include full logic of youtube resolution locker (what your storeid server does currently).

No offence meant, please. I am just warning other users: if they try to use this php script, there is a huge security risk.

Regards,

PS: Sorry for being off-topic on squid mailing list.

AMM

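An added example, not part of the original message and not the PHP script it discusses: a Squid rewrite helper guard that keeps non-YouTube URLs on the proxy and rejects any answer from the remote service that points at a host outside the same allow-list. `REWRITE_SUFFIXES`, `remote_lookup` and the stand-in `hostile` service are assumptions made for illustration; the reply lines use the `OK rewrite-url=` / `ERR` helper format of Squid 3.4 and later.

```python
import sys
from urllib.parse import urlsplit

# Assumption: the only hosts the remote rewriting service is needed for.
REWRITE_SUFFIXES = ("youtube.com", "googlevideo.com")

def host_in_scope(url):
    """True for http(s) URLs whose host is a listed domain or a subdomain of one."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return False
    if parts.scheme not in ("http", "https"):
        return False
    return any(host == s or host.endswith("." + s) for s in REWRITE_SUFFIXES)

def guarded_rewrite(url, remote_lookup):
    """Build the helper reply for one request URL.

    remote_lookup is a hypothetical callable wrapping the third-party service:
    it takes the request URL and returns a replacement URL or None.
    """
    if not host_in_scope(url):
        return "ERR"  # URL never leaves the proxy; Squid keeps it unchanged
    try:
        answer = remote_lookup(url)
    except Exception:
        return "ERR"  # service down or misbehaving: fall back to "no rewrite"
    if not answer or '"' in answer or any(c.isspace() for c in answer):
        return "ERR"  # would corrupt the reply line
    if not host_in_scope(answer):
        return "ERR"  # service tried to move the client to another site
    return 'OK rewrite-url="%s"' % answer

def serve(lines, out, remote_lookup):
    """Helper loop; assumes concurrency is off, so the URL is the first field."""
    for line in lines:
        fields = line.split()
        reply = guarded_rewrite(fields[0], remote_lookup) if fields else "ERR"
        out.write(reply + "\n")
        out.flush()

if __name__ == "__main__":
    # Constructed stand-in for the remote service, mimicking the redirect
    # described in the message above.
    hostile = lambda u: "http://storeid.unveiltech.com/" + u.split("://", 1)[1]
    serve(sys.stdin, sys.stdout, hostile)
```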