> From: Johnny Kewl [mailto:[EMAIL PROTECTED] > I actually cant see any > reason why the hand shake couldnt be extended to look at the > incoming URL...
Because the URL (or at least the host header) would have to be sent over the wire in cleartext, as it's before the encrypted connection is negotiated. This is an information disclosure vulnerability. - Peter --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]