LWPx::ParanoidAgent: brad

LWPx::ParanoidAgent

I just uploaded LWPx-ParanoidAgent-1.00 to CPAN. Props to

mart for finding even more things to be paranoid about.

For example, go to the OpenID demo page:
http://www.danga.com/openid/demo/demo.html

And try to validate some of these:
http://localhost-fortest.danga.com/ (resolves to localhost)
http://1117130646/ (livejournal)
http://kumquat.s8n.me.uk/ (resolves to 192.168.2.1)
http://0177.0.0.1/ (localhost)

The paranoid useragent will slap 'em all down. Including if people did a valid webserver which redirected to a hostname which resolved to a CNAME which resolved to an internal address... with every step of the CNAMEs and addresses being checked.

I wonder what PHP's default "filename can be a URL" does about this problem. But PHP cares so much about security, I guess. :-)

Post a new comment
Error
We will log you in after post

We will log you in after post

We will log you in after post

We will log you in after post

We will log you in after post

Anonymously

switch

LiveJournal

Facebook

Twitter

OpenId

Google

MailRu

VKontakte

Anonymously

default userpic

Your reply will be screened

Your IP address will be recorded

When you submit the form an invisible reCAPTCHA check will be performed.
You must follow the Privacy Policy and Google Terms of use.

Preview comment

Help
7 comments

Post a new comment
7 comments

Log in

LWPx::ParanoidAgent

Error