List: websecurity
Subject: Re: [WEB SECURITY] NetSec Breaking Apps Better Than AppSec
From: Tim <tim-security () sentinelchicken ! org>
Date: 2011-07-09 17:06:22
Message-ID: 20110709170622.GR25355 () sentinelchicken ! org
> ... but the only good
> way to fix this mess would be proper origin-scoped cookies (a la Adam
> Barth's Cake header; or localStorage, except that the latter is still
> horribly insecure in some popular browsers).
Well... How about we use a real authentication protocol for users,
and leave cookies for the non-security use cases? Giving web
developers control over individual bits in messages used for
authentication is always going to be a recipe for disaster.
I would be thrilled if some of you heavy-weights joined us in the
discussions:
https://www.ietf.org/mailman/listinfo/http-auth
tim
_______________________________________________
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
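Added example, not part of the original thread or of anything Tim or the quoted author wrote: the exchange above turns on the fact that cookies are scoped by domain and path rather than by web origin. The block below implements the RFC 6265 domain-match (section 5.1.3) and path-match (section 5.1.4) rules a user agent applies when attaching cookies, and sets them beside the (scheme, host, port) origin check browsers use elsewhere. Hostnames (app.example.com, evil.example.com) and cookie names are constructed for illustration; the IP-address exclusion in the domain-match rule is omitted.

```python
"""Why cookies are not origin-scoped (added illustration for the thread above).

Cookie matching follows RFC 6265 sections 5.1.3, 5.1.4 and 5.4; the origin
tuple follows the same-origin policy. All hosts and values are constructed.
"""
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Cookie:
    name: str
    value: str
    domain: str              # effective domain recorded when Set-Cookie was processed
    path: str = "/"
    host_only: bool = True   # True when the Set-Cookie carried no Domain attribute
    secure: bool = False


def domain_match(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 5.1.3: equal, or request_host is a subdomain of cookie_domain.
    (The rule's exclusion for IP-address hosts is left out here.)"""
    request_host = request_host.lower().rstrip(".")
    cookie_domain = cookie_domain.lower().rstrip(".")
    if request_host == cookie_domain:
        return True
    return request_host.endswith("." + cookie_domain)


def path_match(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 5.1.4: identical, or cookie_path is a prefix ending at a '/' boundary."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def cookies_sent(jar, url):
    """Names of the cookies a user agent would attach to a request for url (5.4 step 1).
    Note what is NOT consulted: the scheme (unless Secure is set) and the port."""
    parts = urlsplit(url)
    host, path = parts.hostname, parts.path or "/"
    sent = []
    for c in jar:
        if c.host_only:
            if host != c.domain:
                continue
        elif not domain_match(host, c.domain):
            continue
        if not path_match(path, c.path):
            continue
        if c.secure and parts.scheme != "https":
            continue
        sent.append(c.name)
    return sent


def origin(url):
    """The web origin used by the same-origin policy: scheme, host and port."""
    p = urlsplit(url)
    port = p.port or {"http": 80, "https": 443}[p.scheme]
    return (p.scheme, p.hostname, port)


def same_origin(url_a, url_b):
    return origin(url_a) == origin(url_b)


# Constructed jar: what https://app.example.com might have set.
JAR = [
    # Set-Cookie: sso=...; Domain=example.com   -> shared with every subdomain
    Cookie("sso", "t0k3n", "example.com", host_only=False),
    # Set-Cookie: session=...                    -> host-only, but scheme and port are ignored
    Cookie("session", "abc123", "app.example.com"),
    # Set-Cookie: secure_session=...; Secure     -> at least withheld from plaintext requests
    Cookie("secure_session", "xyz789", "app.example.com", secure=True),
]

if __name__ == "__main__":
    for target in ("http://evil.example.com/", "http://app.example.com:8080/",
                   "https://app.example.com/account"):
        print(target, "->", cookies_sent(JAR, target),
              "| same origin as https://app.example.com/:",
              same_origin(target, "https://app.example.com/"))
```

Running it shows the mismatch the quoted author complains about: the Domain=example.com cookie reaches a sibling host, and the host-only cookie is sent to the same host over a different scheme and port, even though every one of those targets is a different origin by the same-origin policy. The Secure attribute only narrows the scheme; nothing in the cookie model binds a cookie to one origin.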