httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rich Bowen <>
Subject Re: (forw) [ RE: TRACE used to increase the dangerous of XSS.]
Date Sun, 26 Jan 2003 13:25:19 GMT
On Thu, 23 Jan 2003, Thom May wrote:

> I think this covers most of the points...
<Note from Thor Larholm snipped>

We're getting more and more paniced people coming on IRC and asking
about TRACE, what they should do about it, and why there isn't a
flashing red sign about it on the front page. It was my
understanding, now reinforced by Thor's note, that this was a lot of
hogwash and hype, but, the argument goes, WhiteHat is a *company*, and
they have a *cool name*, so they can't be full of crap, can they? So, I
was wondering if there's any chance we can make come kind of official
statement about this that I can point people to. People tend to get
quite offended and beligerent when I try to explain to them the points
made in Thor's note.

Rich Bowen -
Author - Apache Administrator's Guide

View raw message