15 Security Considerations

This section is meant to inform application developers, information providers, and users of the security limitations in HTTP/1.1 as described by this document. The discussion does not include definitive solutions to the problems revealed, though it does make some suggestions for reducing security risks.

1. Personal Information ... 15.1
   1. Abuse of Server Log Information ... 15.1.1
   2. Transfer of Sensitive Information ... 15.1.2
   3. Encoding Sensitive Information in URI's ... 15.1.3
   4. Privacy Issues Connected to Accept Headers ... 15.1.4
2. Attacks Based On File and Path Names ... 15.2
3. DNS Spoofing ... 15.3
4. Location Headers and Spoofing ... 15.4
5. Content-Disposition Issues ... 15.5
6. Authentication Credentials and Idle Clients ... 15.6
7. Proxies and Caching ... 15.7
   1. Denial of Service Attacks on Proxies ... 15.7.1