http

Is using GET with a tokenID for security a good idea?

I was thinking about this and it appears POST is only a little less vulnerable and somewhat harder (due to requiring the user to click something). I read about token ids and double submitted cookies and I am not sure what the difference is http://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet#Disclosur...

What is the non-standard HTTP verb "DEBUG" used for in ASP.NET/IIS?

I am reading a report from a "web application security" company, who have been scanning a few websites of the company I am working for. It appears from the report - which seems written without any human involvement - that several attempts were made to break our sites using requests like this: DEBUG /some_path/some_unexisting_file.aspx...

How should response content type for documents be specified in order to work consistently across browsers?

I'm developing a simple servlet that should serve documents via http. I use URLs in the form of /getDocument?fileId=1234. The servlet simply 1) sets response.contentType and 2) writes to response.outputStream. The problem is about setting the content type correctly in order to have the browsers understand the response (i.e., display the...

Shortlinks RewriteRule Regex

Hi, I'm using Apache/PHP to support shortlinks to documents and I'm having trouble with the Regex to redirect correctly. My links take the form of 8 letters/numbers, something like '1abc45fd', I would like to have them redirect to /shortlink.php?link=1abc45fd but it's just not working correctly. I'm using the following expression: "Rewr...

Set REMOTE_ADDR to X-Forwarded-For in apache

In a situation where Apache is sitting behind a reverse proxy (such as Squid), the cgi environment variable REMOTE_ADDR gets the address of the proxy rather than the client. However, the proxy will set a header called X-Forwarded-For to contain the original IP address of the client so that Apache can see it. The question is, how do we ...

"HTTP Error 409: Conflict" when using urllib.request.urlopen()

Under Python 3.1, when trying to run this code: from urllib import request def test(): request.urlopen("http://www.google.com") test() I get an HTTP 409 error. The stack trace is: Traceback (most recent call last): File "C:\Users\Beau\Python\pokescrape.py", line 6, in <module> test() File "C:\Users\Beau\Python\pokescra...

How to proxy a page and step out of the loop?

I have a service (in PHP): A User browser accesses Private URL at the Service Service decodes Private URL and fetches page from a Client Server (Curl) Service modifies page from Server according to Private URL info in a database Response headers (content length, set-cookie[server-domain]) Add a <base> tag for relative href's Add javas...

Mark users coming to website from my application

My application has some menu buttons that send the users to my website. I want to differentiate in the website how many users came from my app, out of all the regular users. My app is written in C#, and currently I direct users like this: string url = "http://mysite/somepage"; System.Diagnostics.Process.Start(url); On the server si...

Boost.ASIO-based HTTP client library (like libcurl)

I am looking for a modern C++ HTTP library because libcurl's shortcomings are difficult to work around by C++ wrappers. Solutions based on Boost.ASIO, which has become the de-facto C++ TCP library, are preferred. ...

Can apache be configured to ignore OPTIONS requests?

I run a small webapp for a couple of departments at work, which is very low traffic and doesn't have that many users. It's built on top of Django and uses apache as the web server. I have things configured to email me when any errors occur which until yesterday was a great thing - there aren't many errors, but sometimes the users don't ...

Looking for simple "WebHelper" C# class

I'm looking for a WebHelper class for C#, one that wraps and stuff all the common requests, such as POSTing and GETting HTTP requests etc. ...

resources on how to do things in "real time"

By real time I mean where users don't have to hit refresh on the page. New content is automatically loaded onto the screen. What are some examples of where you think this can be used and resources that show HOW to do it: Twitter real time updates via jquery SO feature to notify users that there were new answers as you are typing your...

What is rack middleware?

Hi, What is rack middleware? Thanks. ...

HTTP header in a packet?

How to retrieve the HTTP header in a packet in C++? Any sample code or tutorials can be a big help! Thanks! Note: WinPcap was used for the packet sniffing and these packets are already filtered to be only TCP and HTTP/S protocols. The only problem is how to decode the packet's HTTP header. ...

Help eliminate loop in asynchronous receiver due to content-length = 0 in HTTP response

Some web servers return content-length set to zero in the HTTP response headers. I'd like a deterministic and performant solution for receiving all the data in that situation. URL known to exhibit this behavior (additional URLs below): http://www.washingtonpost.com/wp-dyn/content/article/2010/02/12/AR2010021204894.html?hpid=topnews he...

Learning web architecture?

Hi, What is a good book to learn about web server architecture? I am a beginner Rails developer and want to go beyond Ruby. For example, I want to know what exactly a 'Mongrel cluster' is, rack-middleware, HTTP, etc. Is there a good book (or more than one) which covers this? Thanks. ...

How to reassemble a TCP segment?

I'm now developing a project using WinPcap. As I have known, packets being sniffed are usually fragmented packets. How to reassemble these TCP segments? Any ideas, suggestions or tutorials available? This I assume to be the only way I can view the HTTP header. Thanks! ...

How does twitter live-update your timeline?

Hello guys, Thanks for reading. We are developing a web app and we're finding out how to live-update some counters and info in the client side, without using scheduled-Json-Updates (yes, timeouts work... but there should be another way ; ) So I was looking at Twitter... they live-update our timeline don't they? I cannot see the timel...

Forwarding HTTP Request with Direct Server Return

I have servers spread across several data centers, each storing different files. I want users to be able to access the files on all servers through a single domain and have the individual servers return the files directly to the users. The following shows a simple example: 1) The user's browser requests http://www.example.com/files/fil...

C++ accessed URL log.

I'm now currently developing a standalone C++ program that would list all the accessed URLs in a browser and their corresponding response times.... At this point of time, I can already sniff all outgoing and incoming packets. I am using WinPcap for this... Retrieved packets were filtered to be only those 'tcp port 80(http) or 443(https)'... and kn...