httpd-users mailing list archives

From "De Gang Thierry" <de.gan...@scarlet.be>
Subject RE: [users@httpd] How to fool a coockie with RewriteEngine
Date Thu, 13 Aug 2009 18:07:43 GMT
Well, ravenclans.com and ravenforums.com are both on the same host and using
the same main directories, yet each has their own directory to work with.
Thus this doesn’t make a security breach for me.

Example:
Main directory: /home/content/d/g/t/dgtnt/html/rgn_main/
Ravenforums.com: /home/content/d/g/t/dgtnt/html/rgn_main/board
Ravenclans.com: /home/content/d/g/t/dgtnt/html/rgn_main/clans

The downside is that cookies are only limited to ravengames.com and
ravenforums.com and still, all 3 domains are using the same engine to work
with.

This is the reason why I want to fool the cookie with RewriteEngine.

Regards.


   De Gang Thierry
	---
Email: de.gang.t@scarlet.be
Msn: euthanasia@scarlet.be
Mobile: (0032) 0 498/33.51.59
Phone:  (0032) 0 2/751.04.58
Website: http://www.dgtnt.be
Proud =[BBT]='r: http://www.bigbadteam.com
http://www.RavenGames.com - Your hub for all Raven Software games

	---
Privacy Note:
This is a private email address for
personal use. Any abuse of this email
address will be reported with a full
report to your ISP. Just think and be
smart and only use it when needed.
	---


> -----Original Message-----
> From: André Warnier [mailto:aw@ice-sa.com]
> Sent: Thursday 13 August 2009 18:41
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] How to fool a coockie with RewriteEngine
> 
> De Gang Thierry wrote:
> > Hi all,
> >
> >
> >
> > Is there a way in RewriteEngine to fool a cookie to read the contents of
> > another domain whilst you're on another.
> >
> etc..
> 
> I have not really considered the details of what you want to do, but in
> principle I would say it cannot be done, for security reasons.
> If one site could set a cookie for any other site, then the site
> www.very-bad-guys.com could set a cookie that the browser would send
> later to the site www.all-angels.com, with whatever consequences.
> 
> However, two websites that are members of the same upper-level domain can set
> cookies valid for both, such as if one site is www.company.com and the
> other is anotherserver.company.com, then they both can set a cookie for
> ".company.com", and the browser would send this cookie along with any
> request to any one of the two sites.
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
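
The domain rule described in the reply above, as an added example that is not part of the original thread: a simplified model of the RFC 6265 checks a browser applies when storing and sending a cookie, which depend only on the request host name and not on which server directory answers. The function names and the small public-suffix set are assumptions made for illustration; the host names are the ones mentioned in the thread.

```javascript
// Cookie domain scoping as in RFC 6265 (sections 5.1.3 and 5.3), simplified.
// Assumption: browsers consult the full Public Suffix List; this set is a stand-in.
const PUBLIC_SUFFIXES = new Set(["com", "net", "org", "be"]);

const isIp = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");

// RFC 6265 5.1.3: identical, or host ends with "." + domain and is not an IP.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  return !isIp(host) && host.endsWith("." + domain);
}

// What a browser stores when `requestHost` answers with Set-Cookie.
// Returns null when the cookie is ignored.
function storeCookie(requestHost, domainAttr) {
  const host = requestHost.toLowerCase();
  if (!domainAttr) return { domain: host, hostOnly: true };
  const domain = domainAttr.toLowerCase().replace(/^\./, ""); // leading dot is dropped
  if (PUBLIC_SUFFIXES.has(domain)) {
    // A public suffix is only accepted as a host-only cookie for that exact host.
    return host === domain ? { domain: host, hostOnly: true } : null;
  }
  if (!domainMatch(host, domain)) return null; // Domain names a foreign site
  return { domain, hostOnly: false };
}

// Would the stored cookie be attached to a request for `host`?
function isSentTo(cookie, host) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? host.toLowerCase() === cookie.domain
    : domainMatch(host, cookie.domain);
}

// Constructed cases using the host names mentioned in the thread.
function demo() {
  const shared = storeCookie("www.company.com", ".company.com");
  const foreign = storeCookie("www.ravengames.com", "ravenforums.com");
  const hostOnly = storeCookie("www.ravengames.com", "");
  return {
    sharedToSibling: isSentTo(shared, "anotherserver.company.com"),
    foreignStored: foreign !== null,
    hostOnlyToOtherSite: isSentTo(hostOnly, "www.ravenforums.com"),
    suffixStored: storeCookie("www.ravengames.com", ".com") !== null,
  };
}

console.log(demo());
```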



