@ryanc @dangoodin Oh dang I forgot about enctype. Now I'm going to be thinking about poking at other URI schemes for the form action - dredged up a memory that you used to be able to do a mailto: and try to compose an email with the local client!
Notices by Alex Savage (optimant@hachyderm.io)
Alex Savage (optimant@hachyderm.io)'s status on Thursday, 08-Aug-2024 04:10:55 JST
Alex Savage (optimant@hachyderm.io)'s status on Thursday, 08-Aug-2024 03:43:47 JST
@dangoodin @ryanc I mean, it's a constraint for sure (e.g. the POST will be forms-encoded instead of, say, JSON like a green developer writing a service today might write code to expect) but risk will depend on the specific target. A soft target might even be susceptible to GET alone.
Car analogy: We discovered that leaving keys inside the car, even out of sight, is vulnerable because thieves can still use coat hangers to pop the locks. Non ignition-key mitigations like The Club are unaffected.
Alex Savage (optimant@hachyderm.io)'s status on Saturday, 23-Dec-2023 23:48:39 JST
@howtophil @thomasfuchs Borg has got to smell like feet and leaky capacitors