[tor-bugs] Re: #1579 [Tor-Torbutton]: ETag and If-None-Match header can link multiple requests to the same page
#1579: ETag and If-None-Match header can link multiple requests to the same page
----------------------------+-----------------------------------------------
Reporter: bee | Owner: mikeperry
Type: enhancement | Status: closed
Priority: minor | Milestone:
Component: Tor-Torbutton | Version:
Resolution: duplicate | Keywords:
Parent: |
----------------------------+-----------------------------------------------
Comment(by bee):
That's untrue!!!!!! So what you're shipping now is an "out of the box"
vulnerable product!!!!! Yeah, three years and you haven't yet found a
working solution for this flaw!!!!!!!!!!!!!!
As a matter of fact, the exploit page continues to work against
TorButton!!!!!!!!! (the "out of the box TorButton"!!!)
Also, it's your way the way to defeat the flaw by disabling all the cache
mechanisms!!!!! It's effective, but it sounds strange to me too!!!
Although if you didn't find better ways, it's better than nothing!!!!
Yet, you aren't using it either!!!!
Nevertheless, I've to say that in place of a TBB with all features active,
to work "out of the box" together with all the possible imaginable
flaws!!! I do prefer a TBB like factorbee!!! where many features are
disabled and whenever you need them, you can switch on what you need, when
and whether you need it!!!!!! "deny all, but allow this and that"!!!!!
In the meantime, ETags or just cookies can be used to keep a thread of
what you're doing!!!! until you toggle the button or clear the caches!!!
~bee!!!!!!!
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1579#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online