Insecurities in Privoxy Configurations - Details
Juliusz Chroboczek
Juliusz.Chroboczek at pps.jussieu.fr
Sun Dec 2 19:23:02 UTC 2007
> 1) Those of us who use polipo should pay attention too, and make sure
> to put
> disableLocalInterface=true
> in our polipo config file. Otherwise a remote attacker can reconfigure
> our polipo out from underneath us, examine our cache to see where we've
> been browsing, etc.
FWIW, both the cache index and the list of recently accessed servers
are disabled by default. Reconfiguring Polipo is enabled by default,
and I agree that it is a good idea to disable it, ass suggested by
Roger above.
I'm trying to put together all hints about running Polipo with Tor on
http://www.pps.jussieu.fr/~jch/software/polipo/tor.html
Please send your additions to the Polipo-users at lists.sourceforge.net
mailing list.
Thanks,
Juliusz
More information about the tor-talk
mailing list