[tor-relays] new relays
Andreas Krey
a.krey at gmx.de
Wed Aug 28 05:22:16 UTC 2013
On Tue, 27 Aug 2013 23:12:01 +0000, Tor Exit wrote:
> GET /index.php?file=../../../../../../../etc/passwd
>
> Why not employ similar techniques on a Tor exit? We can be 100% sure about the malicious intent.
No, you can't be sure. That request could quite well be totally legitimate;
you are not in a position to judge for the site owner.
(I'm just fighting against a 'transparent proxy' that thinks
POST with more than 1000 bytes are evil. Please don't add
more points of failure to an already fragile web.)
Andreas
--
"Totally trivial. Famous last words."
From: Linus Torvalds <torvalds@*.org>
Date: Fri, 22 Jan 2010 07:29:21 -0800
More information about the tor-relays
mailing list