Well, after all those years, almost twenty of them, I hang up my sysadmin hat. With Debian, the last bastion, jumping ship and the fanaticism shattering the community, it took all the fun out of it.
Hello Networks!
Your argument was actually quite valid. The only thing I would add to it is signing the page. Let me explain:
1. Do all the above steps
2. Hash (and store) the output buffer (PHP) before flushing it to the browser
3. When preparing the POST to send the auth to the server, have the JS include the hash of the current page
If they do not match: you know code was injected in the page.
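The hash-and-compare steps listed in the comment above, as an added example that is not part of the original comment. Node.js stands in for the PHP output buffer and for the browser script; the session store, function names and sample page are hypothetical, and the client is assumed to hash the exact bytes it received.

```javascript
const { createHash, timingSafeEqual } = require('crypto');

// Hypothetical in-memory session store: sessionId -> hash of the page sent.
const sessions = new Map();

const sha256Hex = (data) => createHash('sha256').update(data, 'utf8').digest('hex');

// Step 2: hash and store the finished output before it is flushed
// (in PHP this would be the contents of the output buffer).
function sendLoginPage(sessionId) {
  const page = '<form method="post" action="/auth">' +
               '<input name="user"><input name="pass" type="password"></form>'; // constructed
  sessions.set(sessionId, sha256Hex(page));
  return page;
}

// Step 3: the page's script hashes the page it runs in and adds it to the POST.
// Assumption: it hashes the exact bytes received; a re-serialized DOM would not match.
function buildAuthPost(pageAsReceived, user, pass) {
  return { user, pass, pageHash: sha256Hex(pageAsReceived) };
}

// Server side: compare once, in constant time, then discard the stored hash.
function pageUnmodified(sessionId, post) {
  const stored = sessions.get(sessionId);
  sessions.delete(sessionId);
  if (!stored || typeof post.pageHash !== 'string') return false;
  const a = Buffer.from(stored, 'hex');
  const b = Buffer.from(post.pageHash, 'hex');
  return a.length === b.length && timingSafeEqual(a, b);
}

// Constructed demo: a clean delivery, one with markup added, and a reused session.
function demo() {
  const clean = sendLoginPage('s1');
  const ok = pageUnmodified('s1', buildAuthPost(clean, 'alice', 'pw'));
  const altered = sendLoginPage('s2') + '<script src="https://injected.example/x.js"></script>';
  const bad = pageUnmodified('s2', buildAuthPost(altered, 'alice', 'pw'));
  const replay = pageUnmodified('s1', buildAuthPost(clean, 'alice', 'pw'));
  return { ok, bad, replay };
}

console.log(demo());
```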
An anonymous reader writes: In late September, there was a modest gathering of law enforcement officers, military personnel, and mental health professionals in the small western New York town of Hamburg. It was totally ignored by the mainstream media, with just a reporter from the Buffalo News on hand to record the proceedings. Lucky for us
samesurf writes: Surf, share, and interact with the same sites in real-time. Audio, text & video chat. Stay connected. Free for PC, MAC, iPhone, iPad, & Android. Join Beta: www.samesurf.com
What I really don't get is why would you allow desktop streaming but not an appliance if the idea is to protect your IP and keep your traditional business model (ad revenue). It's much easier to rip a feed from a desktop / laptop / HTPC / whatever than from a locked appliance!