- From: Stuart E. Schechter <ses@ll.mit.edu>
- Date: Fri, 23 Mar 2007 14:49:21 -0400
- To: W3C WSC Public <public-wsc-wg@w3.org>
- CC: Johnathan Nightingale <johnath@mozilla.com>
I wrote: > This is a great improvement. I've differentiated attacks send form data > between sites from those that send script/HTML code between sites. I think > this helps clean the tree tremendously. After writing this email I learned that this distinction is also made in wikipedia. I've adopted their term for attacks that cause requests to be impersonated/forged. <http://en.wikipedia.org/wiki/Cross-site_request_forgery> This is now appropriately reflected in the threat trees.
Received on Friday, 23 March 2007 18:50:44 UTC