shibboleth-dev - RE: [Shib-Dev] Environment Variables vs. Request Headers
Subject: Shibboleth Developers
List archive
- From: "Scott Cantor" <>
- To: <>
- Subject: RE: [Shib-Dev] Environment Variables vs. Request Headers
- Date: Fri, 5 Feb 2010 14:17:56 -0500
- Organization: The Ohio State University
Jones, Mark B wrote on 2010-02-05:
> Why?
Headers are subject to spoofing attempts by the client and despite the many
pains the SP takes to prevent that, it's never going to be provably immune
to new ways of attacking it that might get around the protections,
particularly when there are bugs in the web server itself.
I welcome and encourage attempts to hack it, and believe it's quite
protected provided all the IIS caveats are observed, but environment
variables are always protected.
-- Scott
- Environment Variables vs. Request Headers, Jones, Mark B, 02/05/2010
- RE: [Shib-Dev] Environment Variables vs. Request Headers, Scott Cantor, 02/05/2010
- Message not available
- RE: [Shib-Dev] Environment Variables vs. Request Headers, Jones, Mark B, 02/05/2010
Archive powered by MHonArc 2.6.16.