On 14/12/2010 03:36, Bjoern Hoehrmann wrote:
> * Michael Kay wrote:
>> Security restrictions in terms of what resources are accessible are of
>> course reasonable, though as far as I can see the cross-site-scripting
>> rules seem to be about as relevant to the real threat model as the
>> theatrical checks performed in airport security halls.
> It is common for web sites to discriminate based on client IP addresses.
> If I know for instance that some organization serves documents on its
> site that are only available to its members, and know the site is
> configured to require no further authentication for requests that come
> from within a member's network, I can gain access to those documents simply
> by setting up an advertisement, which sooner or later would be shown to
> someone from within such a network, which then sends me the documents.

I'm not quite sure whether your intent was to agree with me or disagree with me. The way I read your comment, you are agreeing with me that the current security model is a joke.

Michael Kay
Saxonica