> 1) Those of us who use polipo should pay attention too, and make sure > to put > disableLocalInterface=true > in our polipo config file. Otherwise a remote attacker can reconfigure > our polipo out from underneath us, examine our cache to see where we've > been browsing, etc.
FWIW, both the cache index and the list of recently accessed servers are disabled by default. Reconfiguring Polipo is enabled by default, and I agree that it is a good idea to disable it, ass suggested by Roger above. I'm trying to put together all hints about running Polipo with Tor on http://www.pps.jussieu.fr/~jch/software/polipo/tor.html Please send your additions to the [EMAIL PROTECTED] mailing list. Thanks, Juliusz
