It reminds me of a scene from the movie Awakenings...
Dr. Malcolm Sayer: I was to extract one decagram of myelin from four tons of earthworms.
Hospital Director: Really?
Dr. Malcolm Sayer: Yes. I was on that project for five years. I was the only one who believed in it, everyone else said it couldn't be done.
Dr. Kaufman: It can't.
Dr. Malcolm Sayer: I know that now, I proved it.
So, I proposed my little scheme for preventing HTTP Response Splitting, and Amit Klein was nice enough to point out all of the flaws in my argument and scheme. I don't feel like a beaten man, though. In all fairness, the HTTP protocol and HTML are lacking a whole bunch of security features, which makes certain attacks all but inevitable - or at least not preventable through architectural means...
Look for more crackpot security schemes here in the near future.