Re: What is a security bug?
On 2005-11-24 02:03:31 -0500 Marc Haber
> On Wed, Nov 23, 2005 at 10:53:46PM -0800, Thomas Bushnell BSG wrote:
>> In the case of galeon, for example, there is no bug, because it can
>> restart with the old state.
> And galeon saves current state, including form entries done by the
> user, before it segfaults?
Or, even more annoying, session cookies. If I'm half-way through
booking my flight, or making a purchase, and some random site crashes
my browser, and I have to restart, I'll be pretty annoyed.
Also, POST data: if I'm viewing a page that I got to due to a POST
request, when Galeon restarts, I won't get back to the right page.
(Should Galeon remember the POST data and resubmit when it restarts?
What if the POST data was my credit card information, and resubmitting
results in my credit card being charged twice?)
Remembering state certainly alleviates the problem. But it's not a
Hubert Chan <email@example.com> - http://www.uhoreg.ca/
PGP/GnuPG key: 1024D/124B61FA
Fingerprint: 96C5 012F 5F74 A5F7 1FF7 5291 AF29 C719 124B 61FA
Key available at wwwkeys.pgp.net. Encrypted e-mail preferred.