Password Reset and Web-Cache Poisoning (and a Little Surprise in RFC-2616) (skeletonscribe.net) 2 points by d0bby 7y ago ↗ HN
[–] d0bby 7y ago ↗ "How does a deployable web-application know where it is? Creating a trustworthy absolute URI is trickier than it sounds. Developers often resort to the exceedingly untrustworthy HTTP Host header (_SERVER["HTTP_HOST"] in PHP)"...
1 comment
[ 2.7 ms ] story [ 15.6 ms ] thread