ETags can be arbitrary, the server can put whatever it wants. | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

litewulf on Nov 27, 2008 | parent | context | favorite | on: "Mixed content warning", how I loathe thee

ETags can be arbitrary, the server can put whatever it wants.

jbert on Nov 28, 2008 [–]

Ah, yes. An attacker could fetch the resource themselves, discover the ETag and serve their malicious resource with the real ETag. Sorry.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact