On 19 Apr 99, at 10:45, [EMAIL PROTECTED] wrote:
> Me again: I just don't see the "RISK" that they point out. Could
> anyone please point me to the err of my ways (or theirs).

The risks are two.

1. To web surfers:
You showed, just above this comment, some code to implement the "add to
favourites" feature. The risk is that, as an unscrupulous operator of a web
site, you could add to this to capture information based on their choice to
add your site to their favourites.

2. To web site owners:
Delivering the icon to surfers is going to create a log entry on your
server, saying that FAVICON.ICO was delivered. So when someone does a search
for "favicon.ico", they're likely going to find three kinds of matches:

a. discussions of this issue (probably not many)
b. pages containing that link to the icon if it's not at the root (optional)
c. log files containing entries recording delivery of this file, that were
accessible to the search engine's indexer and so are probably world-readable.

Given that (a) and (c) should be fairly rare, this becomes a cheap way to
get a list of sites whose log files are exposed -- in case you're the sort of
person who looks for unprotected web servers to crash or deface.

David G
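
Point 2 above, turned into a check a site owner can run over their own document root, as an added example that is not part of the original message: it flags files that parse as Common Log Format access logs and would therefore be served and indexed like any other page. The function names, the 80% match threshold and the sample files are assumptions constructed for the illustration.

```python
import os
import re
import tempfile

# One Common Log Format entry: host ident user [time] "METHOD path proto" status bytes
CLF = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+)[^"]*" \d{3} (?:\d+|-)'
)

def find_exposed_logs(docroot, sample_lines=200, threshold=0.8):
    """Return sorted (url_path, has_favicon_entry) for files under docroot that look like access logs."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            path = os.path.join(dirpath, name)
            total = matched = 0
            favicon = False
            try:
                with open(path, "r", errors="replace") as fh:
                    for line in fh:
                        if total >= sample_lines:  # only sample the head of big files
                            break
                        if not line.strip():
                            continue
                        total += 1
                        m = CLF.match(line)
                        if m:
                            matched += 1
                            favicon = favicon or m.group(1).lower().endswith("/favicon.ico")
            except OSError:
                continue  # unreadable by this user; skip
            # Treat the file as a log when most sampled lines parse as log entries.
            if total and matched / total >= threshold:
                rel = os.path.relpath(path, docroot).replace(os.sep, "/")
                findings.append(("/" + rel, favicon))
    return sorted(findings)

def demo():
    """Build a constructed document root with one stray access log and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "logs"))
        with open(os.path.join(root, "index.html"), "w") as fh:
            fh.write('<html><link rel="shortcut icon" href="/favicon.ico"></html>\n')
        with open(os.path.join(root, "logs", "access_log"), "w") as fh:  # constructed entries
            fh.write('192.0.2.7 - - [19/Apr/1999:10:45:00 +0000] "GET / HTTP/1.0" 200 1043\n'
                     '192.0.2.7 - - [19/Apr/1999:10:45:01 +0000] "GET /favicon.ico HTTP/1.0" 200 318\n')
        return find_exposed_logs(root)

if __name__ == "__main__":
    print(demo())
```

Any path it reports should be moved outside the document root or denied by the server configuration.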