Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: http-cors, new NSE script for detecting cross-origin http access

From: David Fifield <david () bamsoftware com>
Date: Mon, 3 Oct 2011 23:28:43 -0700
On Sat, Jun 18, 2011 at 06:44:35PM +0300, Toni Ruottu wrote:

To clarify a bit, you would not want your intranet services to be
cross-origin accessible, as any one of your users websites could in
that case access them. For example you do not want to provide an
interfaces that lets evilhaxor.net modify your firewall settings. In
most cases it is perfectly ok for world readable/writable interfaces
to be cross-origin accessible.


This script is a nice idea. It's like http-methods for cross-origin
requests. I've committed it.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: