Ben Hoyt wrote:
>
> In other words, DecentURL is not fool-proof, but I believe it's better
> than TinyURL and other such services. :-) Like anything on the net,
> you still have to *more or less* trust the sender/source.

I'm concerned about one thing with DecentURL: Cross-Site Scripting. Since DecentURL will actually go to the target URL to get the page's title, it would be trivial to use DecentURL to attack another site.

From my logs:

202.78.158.138 sbih.org - [31/Oct/2007:16:14:17 -0400] "GET /%22;drop%20table; HTTP/1.1" 404 345 "-" "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.8) Gecko/20071008 Firefox/2.0.0.8"

Thoughts?

-- 
John H. Robinson, IV
University of California, San Diego
Geisel Library IT OPS
9500 Gilman Drive, 0175T
La Jolla CA 92093-0175
TEL: +1 858 822 5217
FAX: +1 858 534 6206
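
A defender-side check for the kind of request shown in the log line above, as an added example that is not part of the original message: it parses that access-log layout, percent-decodes the path and flags injection-like content. The patterns are illustrative heuristics, the function and constant names are hypothetical, and the second sample line is constructed.

```python
import re
from urllib.parse import unquote

# Layout of the log line in the message:
# client vhost ident [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'(?P<client>\S+) (?P<vhost>\S+) \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"'
)

# Illustrative heuristic (assumption, not a complete rule set): quote or
# semicolon characters, or SQL keywords, in the percent-decoded path.
SUSPICIOUS = re.compile(r"""["';]|\b(?:drop|union|select|insert|delete)\b""", re.I)

# First line is the one quoted in the message; the second is constructed.
FROM_MESSAGE = (
    '202.78.158.138 sbih.org - [31/Oct/2007:16:14:17 -0400] '
    '"GET /%22;drop%20table; HTTP/1.1" 404 345 "-" '
    '"User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; '
    'rv:1.8.1.8) Gecko/20071008 Firefox/2.0.0.8"'
)
CONSTRUCTED_BENIGN = (
    '192.0.2.10 sbih.org - [31/Oct/2007:16:20:00 -0400] '
    '"GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"'
)

def inspect(line):
    """Return parsed fields plus the reasons the request looks suspicious."""
    m = LOG_RE.match(line)
    if m is None:
        return None  # not in the expected layout
    decoded = unquote(m["target"])  # match the decoded form, not %22 / %20
    reasons = []
    if SUSPICIOUS.search(decoded):
        reasons.append("injection-like characters in decoded path")
    # A browser never puts the header name inside the header value; seeing it
    # there suggests a script that set the header by hand.
    if m["agent"].lower().startswith("user-agent:"):
        reasons.append("header name repeated inside User-Agent value")
    return {"client": m["client"], "vhost": m["vhost"], "path": decoded,
            "status": int(m["status"]), "reasons": reasons}

if __name__ == "__main__":
    for sample in (FROM_MESSAGE, CONSTRUCTED_BENIGN):
        print(inspect(sample))
```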
