WebApp Sec mailing list archives
RE: [WEB SECURITY] Re: HTTP Parameter Pollution
From: "Martin O'Neal" <martin.oneal () corsaire com>
Date: Wed, 20 May 2009 19:03:07 +0100
2. It would be better if an RFC or similar states how to treat them.
I would disagree with this. This isn't a standard thing really; it is perfectly valid for an application to expect zero/one/infinity parameters; the issue only arises when the application does not handle a mismatch between expectation and actuality... Martin...
Current thread:
- RE: [WEB SECURITY] Re: HTTP Parameter Pollution Martin O'Neal (May 22)
- <Possible follow-ups>
- RE: [WEB SECURITY] Re: HTTP Parameter Pollution Martin O'Neal (May 22)
- RE: [WEB SECURITY] Re: HTTP Parameter Pollution Stefano Di Paola (May 22)
- RE: [WEB SECURITY] Re: HTTP Parameter Pollution Martin O'Neal (May 22)
- RE: [WEB SECURITY] Re: HTTP Parameter Pollution Martin O'Neal (May 25)
- RE: [WEB SECURITY] Re: HTTP Parameter Pollution Stefano Di Paola (May 25)