Integrated ISDN Networks


Miscellaneous Warnings - Part 7


If HTTP clients do not follow this rule, they can be spoofed when the IP address of a previously accessible server changes. Since address changes in networks will become increasingly common in the near future (IPv6!), attacks of this kind are becoming more and more likely.

This requirement improves the behavior of clients, including with servers that have identical names.

14.9. Location Headers and Spoofing

If a single server supports multiple organizations that do not trust one another, it must check the values of the Location and Content-Location headers in responses generated under the control of those organizations. This is done to make sure that they are not attempting to perform operations on resources to which their access is restricted.
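One way a shared server could perform this check, as an added example that is not part of the original text. It assumes a hypothetical layout in which each organization owns one path prefix on the host (`/tenant-a/`, `/tenant-b/`); the host name, prefixes and sample headers are constructed.

```python
import posixpath
from urllib.parse import unquote, urljoin, urlsplit

CHECKED = ("location", "content-location")

def audit_response(server_host, tenant_prefix, request_url, headers):
    """Return (header, normalized_path) pairs that name a resource on this
    server outside tenant_prefix (hypothetical layout: one path prefix per
    organization, e.g. "/tenant-a/")."""
    violations = []
    for name, value in headers:
        if name.lower() not in CHECKED:
            continue
        # Resolve relative references against the URL that was requested.
        target = urlsplit(urljoin(request_url, value.strip()))
        if (target.hostname or "").lower() != server_host.lower():
            continue  # assumption: other hosts are not this server's resources
        # Decode and collapse "." / ".." so "/tenant-a/%2e%2e/tenant-b/" is
        # judged by the path it really names.
        path = posixpath.normpath(unquote(target.path) or "/")
        if not (path + "/").startswith(tenant_prefix):
            violations.append((name, path))
    return violations

# Constructed sample: headers emitted by tenant A's script for one request.
REQUEST_URL = "https://shared.example/tenant-a/form"
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Location", "/tenant-a/done"),                        # inside own space
    ("Content-Location", "../tenant-b/index.html"),        # relative escape
    ("Location", "https://shared.example/tenant-a/%2e%2e/tenant-b/"),
    ("Location", "https://partner.example/landing"),       # different host
]

if __name__ == "__main__":
    for header, path in audit_response(
            "shared.example", "/tenant-a/", REQUEST_URL, SAMPLE_HEADERS):
        print(f"reject: {header} names {path}, outside /tenant-a/")
```

The server would strip or reject the flagged headers before sending the response or letting a cache act on it.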

