- From: Tyler Close <tyler.close@gmail.com>
- Date: Thu, 14 Jan 2010 16:33:44 -0800
- To: Adam Barth <w3c@adambarth.com>
- Cc: "Mark S. Miller" <erights@google.com>, public-webapps <public-webapps@w3.org>
On Thu, Jan 14, 2010 at 11:34 AM, Adam Barth <w3c@adambarth.com> wrote:
> On Thu, Jan 14, 2010 at 9:20 AM, Tyler Close <tyler.close@gmail.com> wrote:
>> The confidentiality of a resource can be compromised by a CSRF
>> vulnerability in a legitimate client.
>
> Can you define what you mean by CSRF? I think we must have different
> ideas about what the term means because I don't understand that
> sentence.

I should have said CSRF-like, by which I mean a Confused Deputy attack.
I've been using the former term since some people find it easier to
understand.

For example, imagine a client using a third-party storage service. To
copy data from one file to another, they do a GET on one URL for the
source file, followed by a POST to another for the destination file. If
the storage service is an attacker, it could tell the client the source
file's URL is the URL for a resource the client can read, but the
storage server cannot. The confidentiality of this resource is then
compromised by a legitimate client that fell victim to a CSRF-like
attack.

--Tyler

--
"Waterken News: Capability security on the Web"
http://waterken.sourceforge.net/recent.html
Received on Friday, 15 January 2010 00:34:18 UTC
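The copy scenario described in the message above, worked through as an added example; this is not code from the original thread, from Waterken, or from any W3C draft. Everything in it is constructed: the hostnames intranet.example and storage.example, the stand-in fakeFetch() that replaces the network, the session credential, and the two lookup functions standing in for an honest and a malicious storage service. The hardened variant (restrict source URLs to the storage service's own origin and send no client credential with them) is one mitigation chosen here for illustration; the message itself proposes none.

```javascript
'use strict';

// The client's ambient credential (think: a session cookie the browser
// attaches to every request). Constructed value.
const CLIENT_CREDENTIAL = 'session=abc123';

// Constructed resources. The intranet file is readable only by the holder
// of CLIENT_CREDENTIAL; the storage service (the attacker here) cannot read it.
const resources = {
  'https://intranet.example/secret': { owner: CLIENT_CREDENTIAL, body: 'TOP-SECRET' },
  'https://storage.example/files/report.txt': { owner: null, body: 'public report' },
};

// Everything POSTed to the storage service lands here, where the attacker can read it.
const storedAtService = [];

// Minimal stand-in for fetch(): GETs enforce the owner check, POSTs to the
// storage service are recorded. No real network is involved.
function fakeFetch(url, opts = {}) {
  const method = opts.method || 'GET';
  if (method === 'GET') {
    const r = resources[url];
    if (!r) return { status: 404, body: '' };
    if (r.owner && r.owner !== opts.credential) return { status: 403, body: '' };
    return { status: 200, body: r.body };
  }
  if (method === 'POST' && new URL(url).origin === 'https://storage.example') {
    storedAtService.push(opts.body);
    return { status: 201, body: 'stored' };
  }
  return { status: 405, body: '' };
}

// The storage service answers "where is file X?" with a URL of its choosing.
// An honest service points at itself; the malicious one points at a resource
// only the client is authorised to read.
function honestLookup(name) { return 'https://storage.example/files/' + name; }
function maliciousLookup(name) { return 'https://intranet.example/secret'; }

// Vulnerable client: trusts the service-supplied source URL, fetches it with
// its own ambient authority, then POSTs the contents to the destination.
// This is the confused deputy: the client lends its authority to the attacker.
function copyVulnerable(lookup, srcName, dstUrl) {
  const srcUrl = lookup(srcName);
  const src = fakeFetch(srcUrl, { credential: CLIENT_CREDENTIAL });
  if (src.status !== 200) return src.status;
  return fakeFetch(dstUrl, { method: 'POST', body: src.body, credential: CLIENT_CREDENTIAL }).status;
}

// Hardened client (illustrative mitigation): only follow source URLs on the
// storage service's own origin, and attach no client credential to them, so
// the service can never borrow the client's authority over anything else.
function copyHardened(lookup, srcName, dstUrl) {
  const srcUrl = lookup(srcName);
  if (new URL(srcUrl).origin !== 'https://storage.example') return 'refused';
  const src = fakeFetch(srcUrl, {}); // no ambient credential sent
  if (src.status !== 200) return src.status;
  return fakeFetch(dstUrl, { method: 'POST', body: src.body }).status;
}

// Run the malicious lookup against both clients and report whether the
// intranet secret reached the storage service.
function demo() {
  const dst = 'https://storage.example/files/copy.txt';
  storedAtService.length = 0;
  const vulnerableStatus = copyVulnerable(maliciousLookup, 'report.txt', dst);
  const leakedByVulnerable = storedAtService.includes('TOP-SECRET');
  storedAtService.length = 0;
  const hardenedStatus = copyHardened(maliciousLookup, 'report.txt', dst);
  const leakedByHardened = storedAtService.includes('TOP-SECRET');
  return { vulnerableStatus, leakedByVulnerable, hardenedStatus, leakedByHardened };
}

console.log(demo());
```

The point the simulation makes is that the vulnerable client never does anything "wrong" by its own lights: each request it sends is one it is authorised to make. The leak comes from letting an untrusted party choose which of the client's authorities get exercised, which is why the hardened variant refuses the foreign URL rather than trying to detect a bad response.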