WebApp Sec mailing list archives
Re: Growing Bad Practice with Login Forms
From: <athena () buyukada co uk>
Date: Wed, 28 Jul 2004 09:50:03 +0100 (BST)
A sidetrack, but this sounds like an effective silver bullet solution--I'm not aware of an application or browser plugin that shows the _effective_ source for any page, or perhaps lets you select areas of a page and see all the scripting that pertains to it, but there must be one, if this problem exists. Of course, this still wouldn't help the average user, but it would provide an extra level of defense to someone willing to do a bit of extra work.
<MS Specific stuff> Hmmm... You *could* use the shdocvw.dll interface in IE to do this kind of stuff via onbeforenavigate2 (I think), but it'd only show up when you click on a link. There is a class with some stuff that allows you to extract all the links in an mshtmldocument, but I haven't tried it on complex pages yet. If I get the chance does anyone know of some particularly nasty javascript driven pages with dodgy links and nary a href to be seen? Let me know and I'll give it a try, then try to post back this afternoon with my results.</MS Specific stuff>

<Suitable for non-MS Browser users> This post requires Internet Explorer 6 or above to be relevant. Anyone know of an equivalent Moz/Safari interface that could be (ab)used?</Suitable for non-MS Browser users>

Steve