Y
Hacker News
new
|
ask
|
show
|
jobs
by
litewulf
6419 days ago
ETags can be arbitrary, the server can put whatever it wants.
1 comments
jbert
6418 days ago
Ah, yes. An attacker could fetch the resource themselves, discover the ETag and serve their malicious resource with the real ETag. Sorry.
link