On Wed, 28 Aug 2013 07:22:16 +0200 Andreas Krey <a.krey@xxxxxx> allegedly wrote: > On Tue, 27 Aug 2013 23:12:01 +0000, Tor Exit wrote: > > GET /index.php?file=../../../../../../../etc/passwd > > > > Why not employ similar techniques on a Tor exit? We can be 100% > > sure about the malicious intent. > > No, you can't be sure. That request could quite well be totally > legitimate; you are not in a position to judge for the site owner. > Absolutely true. I could be using tor to test my own website's security mechanisms. In fact, I /have/ used tor to test my own websites...... Best Mick --------------------------------------------------------------------- Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 http://baldric.net ---------------------------------------------------------------------
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays