Closed GoogleCodeExporter closed 8 years ago
The text means just this. The proxy is engineered with certain assumptions about
usual HTTP client and server behaviors; no effort was made, and absolutely no
guarantees are given, regarding the accuracy of collected logs, or even proper
operation of the proxy itself, if any of the parties to the proxied
communications
are grossly misbehaving or rogue.
I am not aware of any obvious vector that would allow remote code execution
under
such circumstances, but as noted, there are no guarantees. If you are testing
your
corporate networks on an open wifi network with no VPN, I'd guess the risk I
messed
up something with the code is one of your least concerns, however :-)
Original comment by lcam...@gmail.com
on 15 Feb 2009 at 11:00
I see. Thanks for your response.
I don't work for a company. I wanted to use ratproxy to test my App Engine site
(so
there is no VPN; and the App Engine dev server is sufficiently different from
production to warrant performing the tests on the live website). So I guess
I'll just
throw in a MITM proxy that would verify the *.appspot.com SSL certificate and
use
ratproxy through it.
Original comment by alexkon
on 15 Feb 2009 at 11:38
Original issue reported on code.google.com by
alexkon
on 13 Jan 2009 at 12:41