HTTP response splitting attack prevention in perl [closed] - perl

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 9 years ago.
How to prevent HTTP response splitting attack?
HTTP response splitting allows an attacker to manipulate the response received by a web browser. Is there any way to prevent this kind of attack from Perl?

As usual: do not trust any data received from the user.
If you need to include some data from the user in the headers, use uri_escape() or another appropriate mechanism which will escape unsafe data.

Don't put unsanitized data into headers (e.g. redirects or cookies).
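
The advice in the two answers above, shown as an added example that is not part of the original answers: user data is passed through uri_escape() before it goes into a redirect, and any header value that still contains CR, LF or another control character is refused. The helper names `safe_header_value` and `redirect_location`, the `/welcome` path and the sample input are assumptions made for illustration; URI::Escape comes from the CPAN URI distribution.

```perl
use strict;
use warnings;
use URI::Escape qw(uri_escape);

# Constructed sample input: a parameter value that carries CR/LF.
my $user_input = "en\r\nSet-Cookie: session=constructed";

# Hypothetical helper: refuse any header value containing a control
# character. CR and LF are what make splitting possible; rejecting the
# whole C0 range plus DEL is a deliberately conservative choice.
sub safe_header_value {
    my ($value) = @_;
    die "undefined value or control character in header value\n"
        if !defined $value || $value =~ /[\x00-\x1f\x7f]/;
    return $value;
}

# Hypothetical helper: build a Location value from a fixed path and
# user-supplied parameters. Every name and value is percent-encoded,
# so CR/LF become %0D%0A and cannot terminate the header line.
sub redirect_location {
    my ($base, %params) = @_;
    my $query = join '&',
        map { uri_escape($_) . '=' . uri_escape($params{$_}) }
        sort keys %params;
    # Final check on the assembled value, in case $base was not fixed.
    return safe_header_value($query eq '' ? $base : "$base?$query");
}

# The raw value must never reach a header: the check refuses it.
my $ok = eval { safe_header_value($user_input); 1 };
print "raw value rejected: $@" unless $ok;

# The escaped value is safe to emit as a single header line.
my $location = redirect_location('/welcome', lang => $user_input);
print "Location: $location\n";
```

uri_escape() fits values that end up inside a URL, such as a redirect target; for other headers, validating the value and refusing it on failure is the safer default than trying to repair it.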

Related

Handling Dependency 4XX in REST [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 3 years ago.
I am wondering what would be the appropriate error code to bubble up to my clients when I get 4XX from my dependencies. Say, for example, one of my downstream services returns a 401 code to me. This means my own server was not authorised for this request. How should I bubble this information up to my clients? Would 424 be the appropriate code to bubble up? I read that it was added to HTTP as an extension, so is it recommended to use it?
Status codes from extensions can be used when properly registered and sufficiently defined.
That said, a 4xx seems to be incorrect here. If your server is not configured properly to access a back end, that's a server error, thus a 5xx.

WSO2 BAM: howto send log event via REST endpoint [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 4 years ago.
I want to send log events to BAM 2.4.1 via a REST client, but I don't find any example of it, so I need to know what the endpoint URL is and see some example of building the JSON message to send.
Thanks in advance for any help
Currently, it doesn't have a REST API to publish events. Current options are listed here.
In addition you can use Analytics JavaScript (JS) API as well. It has this limitation:
"Currently due to a limitation, client applications should be deployed in the same domain as the Dashboard server. i.e - DAS_HOME/repository/deployment/server/webapps"

why WebSocket rather than Socket? [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 8 years ago.
Java Applets support sockets but limit the connection to the HTTP server from which the applet has been downloaded.
Why has a WebSocket abstraction been created for sending data from JavaScript/HTML5? Wouldn't it have been possible to add support for a "classical" socket in JS and limit the connection (as has been done for Java Applets)?
Because WebSocket starts as an HTTP request, it is easier to go through firewalls and other inspectors. Also, such HTTP negotiation can do HTTP operations like sending/retrieving cookies from the browser, for example, which provides a nice integration with the rest of the web application.

How to find whether image is blocked in Outlook recipients [closed]

Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 1 year ago.
Is there a way to check whether the Outlook recipients are receiving emails with block image security settings? (Perhaps using Google Analytics?)
I need to track how many of them are blocking and who they are so I can send appropriate emails.
No, it is not possible to track this sort of thing. The only way to track ANYTHING in emails is from pixel requests and if images are blocked, you never get them.

Postfix : how to redirect mail based on body? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 9 years ago.
I would like to change subject of messages based on body contents and recipient.
Example :
* I would like all emails for postmaster#mydomain.com to get their subject modified based on rules testing the contents of the message.
Is this possible, and if yes, how?
Any help would be greatly appreciated!
I would think amavis can do this kind of thing. You can create macros which will analyze emails and make arbitrary changes to the headers and body. I don't know exactly how this is done, though.