On 26 January 2014 19:23, Kurt Pattyn <[email protected]> wrote:
>> 2. When sending data from client to server (not the other way)
>> The client generates a 32-bit random number.
>> This random number is stored in plain text in the header of each frame.
>> The data is XOR-ed with that 32-bit random number.
>>
>> The server takes the 32-bit random number from the header and XORs it
>> with the payload to get to the original data.
>>
>> I really fail to see what the intention is of this mechanism. I really
>> fail to see what could make this communication ‘secure’.

The aim of the masking is to prevent request splitting and smuggling
attacks when going through proxies. It prevents an application from
being able to trick proxies into beginning a new request that does
something different to the one intended.

https://www.owasp.org/index.php/HTTP_Request_Smuggling

Cheers

Rich.
_______________________________________________
Development mailing list
[email protected]
http://lists.qt-project.org/mailman/listinfo/development
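
The masking scheme discussed in this thread, as an added C++ example that is not part of the original messages and is not Qt's code: the client XORs byte i of the payload with byte i % 4 of a fresh random key carried in the frame header, so text chosen by the application does not appear verbatim in the bytes a proxy sees, and the server XORs again to recover it. All function names are hypothetical, std::random_device is assumed to be an adequate entropy source, and only payloads shorter than 126 bytes are handled.

```cpp
#include <array>
#include <cstdint>
#include <random>
#include <stdexcept>
#include <string>
#include <vector>

using Bytes = std::vector<uint8_t>;
using Key = std::array<uint8_t, 4>;
// Fresh 32-bit masking key for each frame (std::random_device assumed adequate).
Key randomKey() {
    uint32_t r = std::random_device{}();
    return {uint8_t(r >> 24), uint8_t(r >> 16), uint8_t(r >> 8), uint8_t(r)};
}

// XOR byte i with key[i % 4]; applying it twice restores the input.
Bytes applyMask(Bytes data, const Key& key) {
    for (std::size_t i = 0; i < data.size(); ++i) data[i] ^= key[i % 4];
    return data;
}

// Client side: FIN + text opcode, MASK bit + length, key in the clear, masked payload.
Bytes buildClientFrame(const std::string& text, const Key& key) {
    if (text.size() > 125) throw std::length_error("extended lengths not handled");
    Bytes frame{0x81, uint8_t(0x80 | text.size()), key[0], key[1], key[2], key[3]};
    Bytes masked = applyMask(Bytes(text.begin(), text.end()), key);
    frame.insert(frame.end(), masked.begin(), masked.end());
    return frame;
}

// Server side: take the key from the header and XOR again; unmasked frames are rejected.
std::string parseClientFrame(const Bytes& frame) {
    if (frame.size() < 6 || !(frame[1] & 0x80)) throw std::runtime_error("frame not masked");
    std::size_t len = frame[1] & 0x7F;
    if (len > 125 || frame.size() != 6 + len) throw std::runtime_error("bad length");
    Key key{frame[2], frame[3], frame[4], frame[5]};
    Bytes plain = applyMask(Bytes(frame.begin() + 6, frame.end()), key);
    return std::string(plain.begin(), plain.end());
}

// What an intermediary scanning the byte stream sees: is the text there verbatim?
bool wireContains(const Bytes& wire, const std::string& needle) {
    return std::string(wire.begin(), wire.end()).find(needle) != std::string::npos;
}

int main() {
    std::string text = "GET /other HTTP/1.1\r\n";  // constructed sample payload
    Bytes frame = buildClientFrame(text, randomKey());
    return parseClientFrame(frame) == text && !wireContains(frame, text) ? 0 : 1;
}
```

The program exits with status 0 when the payload round-trips through the server side and is absent from the wire bytes.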
