WebApp Sec mailing list archives
Re: Security Issues with Workflow apps
From: Anthony Chan <ant_chan () pacific net sg>
Date: Mon, 12 Sep 2005 1:40:17 +0800
hi you may want to use non-repudiation in the workflow system, like signing of digital cert.
From: Saqib Ali <docbook.xml () gmail com> Date: Fri 09/09/2005 7:28 AM GMT+08:00 To: "webappsec () securityfocus com" <webappsec () securityfocus com>, security basics <security-basics () securityfocus com> Subject: Security Issues with Workflow apps Hello All, I am looking for some good articles that talk about Security Issue relating to Workflow Application that use email as medium to approve/reject actions. For e.g. an attacker might intercept an workflow email, and use the content to approve/reject a pending item, by spoofing an email to the workflow auto-responder. -- In Peace, Saqib Ali http://www.xml-dev.com/blog/ Consensus is good, but informed dictatorship is better.
Current thread:
- Security Issues with Workflow apps Saqib Ali (Sep 08)
- <Possible follow-ups>
- Re: Security Issues with Workflow apps Anthony Chan (Sep 11)
- Re: Security Issues with Workflow apps Saqib Ali (Sep 11)