BugTraq
RE: Universal PDF XSS After Party (possible solution) Jan 04 2007 06:25PM
Noe Espinoza M. (nespinoza grupowissen com)
We need to force the users to download the PDF files.

We can add the following code to httpd.conf or .htaccess:

SetEnvIf Request_URI "\.pdf$" requested_pdf=pdf
Header add Content-Disposition "Attachment" env=requested_pdf

Another solution is to protect our PDF files from external links (hotlinking...
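
An added example, not part of the original post: a Python check that audits response headers for PDFs served without Content-Disposition: attachment. The sample paths and headers are constructed; rule_tags mirrors the posted SetEnvIf pattern, which matches case-sensitively and against the request path without the query string.

```python
import re
from email.parser import Parser

# Same pattern as the SetEnvIf line in the post (case-sensitive match).
POSTED_RULE = re.compile(r"\.pdf$")

def rule_tags(path):
    """Would the posted rule set requested_pdf for this request path?"""
    return POSTED_RULE.search(path.split("?", 1)[0]) is not None

def is_pdf(path, headers):
    """PDF by path (any case, query ignored) or by declared Content-Type."""
    ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
    by_path = path.split("?", 1)[0].lower().endswith(".pdf")
    return by_path or ctype == "application/pdf"

def forces_download(headers):
    """True when the response asks the browser to save, not render inline."""
    disp = headers.get("Content-Disposition", "")
    return disp.split(";")[0].strip().lower() == "attachment"

def audit(responses):
    """Return paths of PDF responses lacking Content-Disposition: attachment."""
    findings = []
    for path, raw_headers in responses:
        headers = Parser().parsestr(raw_headers, headersonly=True)
        if is_pdf(path, headers) and not forces_download(headers):
            findings.append(path)
    return findings

# Constructed sample responses (path, raw header block); not captured traffic.
SAMPLES = [
    ("/docs/guide.pdf",
     "Content-Type: application/pdf\nContent-Disposition: Attachment\n"),
    ("/docs/REPORT.PDF", "Content-Type: application/pdf\n"),
    ("/download.php?id=7", "Content-Type: application/pdf\n"),
    ("/index.html", "Content-Type: text/html\n"),
]

if __name__ == "__main__":
    for path in audit(SAMPLES):
        print("PDF served without forced download:", path,
              "| posted rule tags it:", rule_tags(path))
```

Paths reported here are PDF responses the rule did not cover, for example an upper-case extension or a script that emits application/pdf.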

Copyright 2010, SecurityFocus