[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [WEB SECURITY] cross site trace

From: "Brian Shura" <bshura@xxxxxxxxxxxxx>
Subject: RE: [WEB SECURITY] cross site trace
Date: Tue, 22 Jul 2008 17:24:19 -0500

James Landis said:

"Or you can just *patch and save time
debating the risk of the issue*."


But if the issue really is very low risk, couldn't implementing the security
patch be more risky than just leaving the issue alone?  Any time you make
changes to the web server you run the risk of introducing more bugs and
sometimes the "fix" could actually end up making things worse.

-Brian


----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA

Follow-Ups:
- RE: [WEB SECURITY] cross site trace
  - From: Tom Brennan

References:
- [WEB SECURITY] cross site trace
  - From: Raymond Forbes
- RE: [WEB SECURITY] cross site trace
  - From: Brian Shura
- Re: [WEB SECURITY] cross site trace
  - From: Raymond Forbes
- Re: [WEB SECURITY] cross site trace
  - From: Arian J. Evans
- Re: [WEB SECURITY] cross site trace
  - From: James Landis

Prev by Date: [WEB SECURITY] Re: OT URLScan was [WEB SECURITY] cross site trace
Next by Date: RE: [WEB SECURITY] cross site trace
Previous by thread: Re: [WEB SECURITY] cross site trace
Next by thread: RE: [WEB SECURITY] cross site trace
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site