Re: [PHP] Dynamic generate PDF : which way ? (classes, docbook)

2004-09-06 Thread Saqib . N . Ali
Hello Robert, I would suggest that if your data is such that it can use DocBook, definitely go the DocBook route. You can also use Apache's Cocoon to publish your DocBook content to PDF/HTML/RTF/SVG/TXT etc. Here are some samples that use Apache Cocoon to perform dynamic conversion to PDF/HTML:

Re: [PHP] Weblog -Blog software written in PHP and My SQL

2004-08-31 Thread Saqib . N . Ali
http://cafelog.com/ (PHP + mysql) a very lightweight (simple and primitive) blog: http://www.xml-dev.com/blog/ Thanks. Saqib Ali https://validate.sf.net [EMAIL PROTECTED] wrote on 08/31/2004 10:28:09 AM: > Does anyone know of Blog sw available in the marketplace written in PHP and > mayb

Re: [PHP] OpenLDAP+MD5 Passwords+PHP != Work?

2004-08-30 Thread Saqib . N . Ali
I don't think this will work. Why do you need to MD5 the passwd if you are sending it over LDAPS:?? (LDAP over SSL)? Thanks. Saqib Ali http://validate.sf.net Steven Hildreth <[EMAIL PROTECTED]> wrote on 08/30/2004 06:33:32 PM: > Hi, Attempting to connect to an OpenLDAP server to authenticate

RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1?

2004-08-16 Thread Saqib . N . Ali
Thanks Curt, Chris and Ed, It is indeed the disabling of third-party cookies that is causing this behaviour in I.E. :) So thanks for all the help :) Thanks. Saqib Ali http://validate.sf.net <<< XHTML/DocBook XML Validator and Transformer "Ed Lazor" <[EMAIL PROTECTED]> No Phone Info Available

RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1?

2004-08-16 Thread Saqib . N . Ali
Hello Ed, To give some details: I am unable to reproduce a CSRF attack when the victim is using an I.E. 6.01 SP1 (all patches applied). However the attack works in Mozilla and other older browsers. I can't give you the exact code for attack (for security reasons), but it is similar to the fo

Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1?

2004-08-16 Thread Saqib . N . Ali
Hello Curt, Yes, the /. system depends on cookies to keep the user logged in. However a CSRF attack is NOT trying to access a third party cookie. The web browser makes the same GET request whether it is using TAG or the user clicking on a link. So in either case the cookies are in the context

Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1?

2004-08-16 Thread Saqib . N . Ali
Hello Chris, Upon your suggestion, I used a sniffer to sniff traffic for the web app that I am working on. To my surprise, the data captured during the sniff for both browsers was exactly the same. Which means my theory of limiting the TAG to .gif .jpeg .png is NOT true. So now I am completel

Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1?

2004-08-16 Thread Saqib . N . Ali
Hello, I'm not saying the I.E. completely fixed the CSRF attacks, by only allowing .jpg .gif .png files. But it "might" be one possible way to minimize CSRF attack, just like using POST vs GET can help minimize the chances of that attack. BTW, using POST instead of GET does NOT guarantee that

Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1?

2004-08-16 Thread Saqib . N . Ali
Hello Chris, I can't share the exact code ;) , but here is something very similar: http://slashdot.org/my/logout"; height="1" width="1"> If I load a web page with the above code, it should log me out of slashdot. It works in Mozilla (and netscape), but not in I.E. 6.01 SP1 downloads.seagate.co

RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1?

2004-08-16 Thread Saqib . N . Ali
Thanks Chris, Yup I think my posting is very on-topic. The application that I am working on is written in PHP. And I'm sure all PHP developers check their applications for CSRF vulnerability, in various browsers (including I.E. ). As a PHP/Java developer, I would be interested to know what I

[PHP] CSRF attack not possible in I.E. 6.01 SP1?

2004-08-16 Thread Saqib . N . Ali
Hello All, I am working on securing an application that uses CDSSO (Cross Domain Single Sign On). I am trying to reproduce the CSRF (Cross Site Request Forgery) attack (using TAG) in I.E. 6.01, but am unable to do so. However the attack works on Mozilla and other older browsers. My questio

[PHP] Re: [PHP-INSTALL] Re: [PHP] Netegrity's siteminder + PHP + Apache

2004-08-12 Thread Saqib . N . Ali
Hello Sam, Thanks for the response. I don't have much documentation to work with. I am very familiar with mod_LDAP + Apache + PHP, but new to Siteminder. I was wondering if you could point me to some good resources on the web, or if you have some documentation, that would be helpful as well. Thanks. Sa

[PHP] Netegrity's siteminder + PHP + Apache

2004-08-11 Thread Saqib . N . Ali
Hello All, Does anyone know of any good documentation for compiling Netegrity's Siteminder module with Apache for use in a PHP based application? Thanks. Saqib Ali http://validate.sf.net <<< XHTML/DocBook XML Validator and Transformer