DNS Attacks

Jimmy Hess mysidia at gmail.com
Tue Feb 21 22:29:04 UTC 2012


On Sun, Feb 19, 2012 at 4:59 AM, Ken Gilmour <ken.gilmour at gmail.com> wrote:
> What happens when the client sends a POST from a cached page on the end
> user's machine? E.g. if they post login credentials. Of course, they'll get
> the error page, but then you have confidential data in your logs and now
> you have to protect highly confidential info, at least if you're in europe.

Either you don't log the data on the webserver,  or you notify the
user that the POST form data has now been posted, and display the link
to the public web page where their posted data now appears, on the
error page.

Once your user has shared "confidential" information unsolicited with
an unknown third party, and the general public,   the information's
confidentiality was spoiled by the act of posting, regardless of the
content of the information

-- 
-JH




More information about the NANOG mailing list