Re: Support of kepler, sputnik, etc and security risks

[Fernando P. García <fernando@...>]

Example 1:
UTF-8 cross site scripting
http://xforce.iss.net/xforce/xfdb/39619

Example 2:
UTF8 encoded HTML code execution
http://xforce.iss.net/xforce/xfdb/26766

More and more:
http://webapp.iss.net/Search.do?searchType=keywd&x=0&y=0&keyword=utf8

Blessings!

On Sat, Oct 17, 2009 at 7:29 PM, Jim Whitehead II <jnwhiteh@gmail.com> wrote:

On Sat, Oct 17, 2009 at 8:51 PM, Petite Abeille <petite_abeille@mac.com> wrote:
>
> On Oct 17, 2009, at 10:39 PM, David Given wrote:
>
>> There isn't really a good solution to this --- it's one of the reasons
>> why Unicode domain names have never really taken off.
>
> Hmmm... this is not really related to "kepler, sputnik, etc", isn't it?

Precisely my point.  Why does a web server need to be concerned with
this?  What's the attack vector?

- Jim

-- 
Fernando P. García, http://www.develcuy.com
Developer - Analista de Sistemas
+51 1 9 8991 7871, Calle Santa Catalina Ancha #377, Cusco -Perú

** Antes de imprimir este mensaje piensa en tu compromiso con el medio ambiente, protegerlo depende de tí.