WebApp Sec mailing list archives

RE: Passing data between frames

From: "Vinny Bedus" <vbedus () BitChangers com>
Date: Fri, 28 Mar 2003 16:31:10 -0500

Chris,
The best way would then have to be in sessions.  Your only other options
would be cookies (not secure) or as a url string (not secure).

There is the possibility of posting from a form on the one page to a
form on the other frame.  This is complicated, and may not work for your
app.

Just my two cents.

Vinny Bedus
Bit Changers
http://www.bitchangers.com/


-----Original Message-----
From: Chris Neil [mailto:Chris.Neil () abs-ltd com] 
Sent: Friday, March 28, 2003 5:34 AM
To: 'webappsec () securityfocus com'
Subject: Passing data between frames


What would people recommend as the best way to pass sensitive data
between
frames? The frames are separate web sites hosted on the same machine.

(if it matters it's IIS)

Chris Neil
  Security Officer
  Chris.Neil () abs-ltd com
-------------------------------------------
ABS 
  http://www.abs-ltd.com/
  Tel:     +44 (0) 1993 771221
  Fax:    +44 (0) 1993 775081
-------------------------------------------

Current thread:

Passing data between frames Chris Neil (Mar 28)
- RE: Passing data between frames Vinny Bedus (Mar 28)
- <Possible follow-ups>
- Re: Passing data between frames Mark Reardon (Mar 28)
  - Re: Passing data between frames Bear Giles (Mar 28)
- Re: Re: Passing data between frames Mark Reardon (Mar 31)