nanog mailing list archives
Re: DNS Attacks
From: Jimmy Hess <mysidia () gmail com>
Date: Tue, 21 Feb 2012 16:29:04 -0600
On Sun, Feb 19, 2012 at 4:59 AM, Ken Gilmour <ken.gilmour () gmail com> wrote:
What happens when the client sends a POST from a cached page on the end user's machine? E.g. if they post login credentials. Of course, they'll get the error page, but then you have confidential data in your logs and now you have to protect highly confidential info, at least if you're in europe.
Either you don't log the data on the webserver, or you notify the user that the POST form data has now been posted, and display the link to the public web page where their posted data now appears, on the error page. Once your user has shared "confidential" information unsolicited with an unknown third party, and the general public, the information's confidentiality was spoiled by the act of posting, regardless of the content of the information -- -JH
Current thread:
- Re: DNS Attacks, (continued)
- Re: DNS Attacks Jeroen Massar (Feb 19)
- Re: DNS Attacks Valdis . Kletnieks (Feb 19)
- Re: DNS Attacks Robert Bonomi (Feb 19)
- Re: DNS Attacks Ken Gilmour (Feb 19)
- Re: DNS Attacks Tei (Feb 20)
- Re: DNS Attacks Valdis . Kletnieks (Feb 20)
- Re: DNS Attacks Christopher Morrow (Feb 20)
- Re: DNS Attacks Christopher Morrow (Feb 20)
- Re: DNS Attacks Joel jaeggli (Feb 20)
- Re: DNS Attacks Christopher Morrow (Feb 21)
- Re: DNS Attacks Jimmy Hess (Feb 21)
- Re: DNS Attacks Valdis . Kletnieks (Feb 21)
- Re: DNS Attacks Henry Linneweh (Feb 21)