WebApp Sec mailing list archives
Re: Interesting article on how development and web centric architecture change peoples views of security
From: Saqib.N.Ali () seagate com
Date: Thu, 19 Aug 2004 22:11:42 -0700
vulnerable you are to CSRF (Cross Site Request Forgery) attacks. On the other hand an application that uses Basic HTTP Authentication (old
school)
is likely to be a target of CSRF attack.
Sorry I meant: On the other hand an application that uses Basic HTTP Authentication (old school) is LESS likely to be a target of CSRF attack. Thanks. Saqib Ali http://validate.sf.net Saqib.N.Ali () seagate com wrote on 08/18/2004 10:57:28 AM:
Good article. I agree that CRYPTO by itself is not the holy grail. The whole IT architecture should be security aware. There always has to be a balance between adopting new technology and maintaining security. For e.g. CDSSO (Cross Domain Single Sign One) may make life easier for
the
users, but the more applications, you have, that use CDSSO, the more vulnerable you are to CSRF (Cross Site Request Forgery) attacks. On the other hand an application that uses Basic HTTP Authentication (old
school)
is likely to be a target of CSRF attack. In Peace, Saqib Ali http://validate.sf.net <<< DocBook XML -> HTML/PDF Convertor "Mark Curphey" <mark.curphey () foundstone com> wrote on 08/17/2004
06:54:46
AM:
http://www.infosecurity-magazine.com/features/julyaug04/paulus_julyaug.html
Current thread:
- Interesting article on how development and web centric architecture change peoples views of security Mark Curphey (Aug 18)
- Re: Interesting article on how development and web centric architecture change peoples views of security Saqib . N . Ali (Aug 19)
- Re: Interesting article on how development and web centric architecture change peoples views of security Saqib . N . Ali (Aug 20)
- Re: Interesting article on how development and web centric architecture change peoples views of security Saqib . N . Ali (Aug 19)