On 2012-02-07 18:10, Chris Weber wrote:
> On 2/7/2012 8:38 AM, Martin Thomson wrote:
>> I don't see the problem. So I ask to modify X, but then X points me to
>> Y, so I either automatically modify Y, or require confirmation before
>> doing so. There isn't a security problem. X has the information and
>> could forward to Y itself.
>
> Within the security community the issue has been termed "Open Redirect"
> and has been well documented here
> http://cwe.mitre.org/data/definitions/601.html and here
> https://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards
> as well as other places. It's not a vulnerability by itself but has
> ...

Clarifying: "Open" means that the target of the redirect actually depends on something the request contains, such as a query parameter, right?

Received on Tuesday, 7 February 2012 17:25:14 GMT