Stupid ebay/amazon question
John Abreau
jabr at blu.org
Thu Jun 29 13:23:01 EDT 2006
Christopher Schmidt wrote:
>
> And all of this is completely unrelated to the discussion at hand, which
> is a question of whether there is code inside of eBay's HTML,
> Javascript, etc. which external users placing content on eBay's servers
> can exploit to get access to your personal information as known by eBay.
>
I've seen some pretty fancy auction pages on eBay, some of which would
be difficult for the seller to create without some sort of dynamic
html capability such as php. As I pointed out in an earlier reply in
this thread, if a seller can use anything like php, asp, or jsp, then
they potentially have access to any and all data your browser passes
to eBay's web server. If you're logged into ebay at the time, I imagine
that probabyl includes your ebay login name.
I don't think it makes sense to say "I'm giving eBay the benefit of
the doubt; therefore, an exploit like this is not possible".
--
John Abreau / Executive Director, Boston Linux & Unix
ICQ 28611923 / AIM abreauj / JABBER jabr at jabber.org / YAHOO abreauj
Email jabr at blu.org / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9
PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99
More information about the gnhlug-discuss
mailing list