Resolving security vulnerability

2012-10-04 Thread fun and learning
Hi All, I am using input hidden fields for some CGI variables. The security scan has issued an 'information leakage' threat. These variables are defined in a file and the file is included in various places. What is the best way to resolve this vulnerability? Thanks

Re: Resolving security vulnerability

2012-10-04 Thread Rob Voyle
Hi, I created a template that checks variables against threats and then use a collection=#form# cfloop that tests all form variables, including the hidden fields, against the threats. It solved that particular PCI security compliance check.

Rob

Re: Resolving security vulnerability

2012-10-04 Thread Russ Michaels
What information is passed around in the hidden fields? Is it anything that could be used to hijack sessions, get into users' accounts or personal details, etc.?

Re: Resolving security vulnerability

2012-10-04 Thread fun and learning
It is remotehost, remoteaddress.

Re: Resolving security vulnerability

2012-10-04 Thread Russ Michaels
Move it into a session variable instead and that will solve that issue.

Re: Resolving security vulnerability

2012-10-04 Thread Pete Freitag
If you are doing something like this: <input type="hidden" name="ip" value="#cgi.remote_addr#" /> and cgi.remote_addr is resolving to an internal IP such as 10.x.x.x or 192.168.x.x due to a proxy or load balancer, then you are disclosing the internal IP of a computer on your network. Thus your PCI scan
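As an added example (not code from any poster in this thread), a small Python check that does what the scanner in the original question did: parse a rendered page and report hidden input fields whose value is a private, loopback or link-local address, which is exactly the disclosure Pete describes when cgi.remote_addr resolves behind a proxy. The sample form, field names and addresses are constructed for the demonstration.

```python
import ipaddress
from html.parser import HTMLParser


class HiddenFieldCollector(HTMLParser):
    """Collect (name, value) pairs from every <input type="hidden"> element."""

    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "input":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if a.get("type", "").lower() == "hidden":
            self.fields.append((a.get("name", ""), a.get("value", "")))


def leaked_internal_addresses(html):
    """Return [(field_name, address)] for hidden fields carrying an internal address.

    Non-IP values (e.g. a hostname in a 'remotehost' field) are ignored here;
    only values that parse as an IPv4/IPv6 address are classified.
    """
    parser = HiddenFieldCollector()
    parser.feed(html)
    leaks = []
    for name, value in parser.fields:
        try:
            ip = ipaddress.ip_address(value.strip())
        except ValueError:
            continue
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            leaks.append((name, str(ip)))
    return leaks


# Constructed sample: the rendered output of a form like the one in Pete's post,
# where cgi.remote_addr came back as a 10.x.x.x address from the load balancer.
SAMPLE_PAGE = """
<form method="post" action="checkout.cfm">
  <input type="hidden" name="ip" value="10.20.30.40" />
  <input type="hidden" name="host" value="app-01.corp.example" />
  <input type="hidden" name="client" value="1.1.1.1" />
  <input type="text" name="email" />
</form>
"""

if __name__ == "__main__":
    for name, addr in leaked_internal_addresses(SAMPLE_PAGE):
        print(f"hidden field '{name}' discloses internal address {addr}")
```

Running the check against the constructed page reports only the 'ip' field; the public address and the hostname pass, so the same routine can be run over a site's rendered pages before the PCI scan does.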