Vulnerability Development mailing list archives
Re: CSS, CSS & let me give you some more CSS
From: "Sverre H. Huseby" <shh () thathost com>
Date: Fri, 1 Feb 2002 22:25:43 +0100
[E M]

| This brings me to the point that cookie based authentication is
| unsafe inherently and as far as I can tell not something that
| security minded developers would even consider.

Eh, you make me curious. What would a security minded developer of, say, a discussion forum where client side certificates are not an option use instead of cookies? I guess you won't say URL parameters, so I am really curious.

My opinion is that the cookies are fine. It is the output of scripts that needs addressing. A security minded developer would make a framework that did not permit HTML (that is: washed, sanitized, escaped, recoded, HTML encoded -- choose your favourite slang) tags from any data, except from the templates of the pages.

Oh, well. Friday night, just upgraded from ancient glibc 2.1.94 to 2.2.5 and had a few beers to give me courage to do the upgrade, so my opinions may not even be worth the usual two cents at the moment.

Sverre.

--
shh () thathost com               Play my free Nerd Quiz at
http://shh.thathost.com/          http://nerdquiz.thathost.com/
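
Added example (not part of the original message or the list archive): a minimal Python sketch of the kind of framework the message describes, where markup comes only from the page template and every data value is HTML-encoded on output. The `Template` class, the `{{ name }}` placeholder syntax, `render_post` and the sample input are assumptions constructed for illustration.

```python
import html
import re

# The {{ name }} placeholder syntax is an assumption made for this example.
_PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")


class Template:
    """Markup comes only from the template text; every data value is HTML-encoded."""

    def __init__(self, source):
        # The template is written by the developer and is the only trusted HTML.
        self._source = source

    def render(self, **data):
        def substitute(match):
            name = match.group(1)
            if name not in data:
                raise KeyError(f"template needs a value for {name!r}")
            # quote=True also encodes " and ', so a value cannot close a
            # quoted attribute value and start a new attribute.
            return html.escape(str(data[name]), quote=True)

        # One pass over the template only: placeholder syntax that shows up
        # inside a data value is never expanded a second time.
        return _PLACEHOLDER.sub(substitute, self._source)


POST_TEMPLATE = Template(
    '<div class="post">\n'
    '  <span class="author" title="{{ author }}">{{ author }}</span>\n'
    '  <p>{{ body }}</p>\n'
    '</div>'
)


def render_post(author, body):
    """Render one forum post; both arguments are untrusted user input."""
    return POST_TEMPLATE.render(author=author, body=body)


if __name__ == "__main__":
    # Constructed sample input: an author name that tries to break out of the
    # title attribute and a body that carries a script tag.
    print(render_post('x" onmouseover="alert(1)',
                      "<script>alert(1)</script> {{ author }}"))
```

HTML encoding is the correct output encoding for element content and quoted attribute values, which are the only places this template puts data; values placed inside a script block or a URL need the encoding of that context instead.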