Changes between Initial Version and Version 1 of Ticket #25239, comment 92
Timestamp: 07/30/2017 10:52:13 PM (8 years ago)
Ticket #25239, comment 92
Initial version, line 1:

Contrary to comments above, general opinion is that HTTP_HOST can be unsafe client data, while SERVER_NAME is a server configuration and so pretty safe. For example, https://stackoverflow.com/questions/2297403/http-host-vs-server-name

Version 1, line 1:

Contrary to comments above, general opinion is that while HTTP_HOST can be unsafe client data, SERVER_NAME is a server configuration and so pretty safe. For example, https://stackoverflow.com/questions/2297403/http-host-vs-server-name

Lines 2-3 (unmodified in both versions):

That may not be 100% guaranteed on all servers, so distrusting SERVER_NAME may be wise, but comment:91 is not generally right about "client supplied data."