> From: Johnny Kewl [mailto:[EMAIL PROTECTED]
> I actually cant see any
> reason why the hand shake couldnt be extended to look at the
> incoming URL...
Because the URL (or at least the host header) would have to be sent over the
wire in cleartext, as it's before the encrypted connection is negotiated. This
is an information disclosure vulnerability.
- Peter
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
