Cart
[Home] [By Thread] [By Date] [Recent Entries]
* Michael Kay wrote: >Security restrictions in terms of what resources are accessible are of >course reasonable, though as far as I can see the cross-site-scripting >rules seem to be about as relevant to the real threat model as the >theatrical checks performed in airport security halls. It is common for web sites to discriminate based on client IP addresses. If I know for instance that some organization serves documents on its site that are only available to its members, and know the site is con- figured to require no further authentication for requests that come from within a member's network, I can gain access to those documents simply by setting up an advertisement, which sooner or later would be shown to someone from within such a network, which then sends me the documents. -- Björn Höhrmann · mailto:bjoern@h... · http://bjoern.hoehrmann.de Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] |
