| ▲ | paxys a day ago |
| > But having it is generally better than not having it. So is HN and every other site in the world insecure because it allows users to post "/etc/hosts" ? |
|
| ▲ | a day ago | parent | next [-] |
| [deleted] |
|
| ▲ | a day ago | parent | prev | next [-] |
| [deleted] |
|
| ▲ | mystifyingpoi a day ago | parent | prev [-] |
| Maybe? I don't know nor care. Assuming that HN has a vuln with path traversal, a sanely configured WAF would block the traversal attempt. |
| |
| ▲ | latexr a day ago | parent | next [-] | | I propose someone who doesn’t know or care how a system works shouldn’t be prescribing what to do to make it secure. Otherwise this is like suggesting every gate must have a lock to be secure, even those which aren’t connected to any walls. https://i.imgur.com/ntYUQB1.jpeg | | |
| ▲ | MatthiasPortzel a day ago | parent [-] | | > someone who doesn’t know or care how a system works shouldn’t be prescribing what to do to make it secure The part that’s not said outloud is that a lot of “computer security” people aren’t concerned with understanding the system. If they were, they’d be engineers. They’re trying to secure it without understanding it. | | |
| |
| ▲ | smallnix a day ago | parent | prev [-] | | *some traversal attempts |
|
