W3C home > Mailing lists > Public > public-cdf@w3.org > January 2006

CDR: security section gives inadequate account of possible attacks and of proposed security model

From: Maciej Stachowiak <mjs@apple.com>
Date: Mon, 2 Jan 2006 01:57:10 -0800
Message-Id: <1851E3D5-53FA-4689-BF79-58780B1A9246@apple.com>
To: public-cdf@w3.org



2.5

This section gives a very incomplete account of of security attacks  
potentially resulting from cross-document access. Classic cross-site
scripting attacks predate the existence of either phishing or  
firewall attacks. One of the most classic cross-site scripting  
exploits is accessing a site that has confidential user information  
(for example a banking site that displays account numbers), requires  
login, and uses a persistent login mechanism such as an HTTP cookie.  
In this case, allowing a load of such a document and then granting  
scripting access is a major security risk. I think this section needs  
significantly more research to be complete, or at least external  
references.

Also, none of this section presents an actual suggested security  
model, or discusses how one might be devised. For a spec that
admittedly has significant potatial security risks, the present  
language is insufficient to address the security considerations. I  
recommend
something more thorough, along the lines of "security considerations"  
sections in IETF specs.

Regards,
Maciej
Received on Monday, 2 January 2006 09:57:18 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:10:40 GMT