> From: Johnny Kewl [mailto:john@kewlstuff.co.za]
> I actually can't see any
> reason why the handshake couldn't be extended to look at the
> incoming URL...
Because the URL (or at least the host header) would have to be sent over the wire in cleartext,
as it's before the encrypted connection is negotiated. This is an information disclosure
vulnerability.
- Peter