[ac] Security concerns

Hi again,

Just wanted to summarize some attack vectors that we want to make sure 
that we fend off:

The general rule of thumb is "Don't introduce new attack vectors". All 
below points are derived from that general rule.

Should not introduce attack vectors to servers protected only by being 
behind fire walls. Some servers authenticate solely by relying on the 
fact that the user can connect to the server at all.

While anyone can issue an arbitrarily formatted request to a server on 
the internet, this is not true for servers on intranets behind 
firewalls. The only requests that can be issued to such servers today 
are ones that browsers send out. This includes GET requests (from a 
multitude of features in HTML) and POST requests from HTML <form>s.

Requests not allowed by these features could introduce new attack vectors.

It should not be possible to issue POST requests containing XML data to 
arbitrary servers. This due to that there are a number of SOAP servers 
deployed that communicate using XML sent over POST requests and could 
perform potentially dangerous attacks.

Should try to prevent dictionary based distributed brute-force attacks 
to try to get login accounts to 3rd party servers, to the extent possible.

Should not fail to properly enforce security policy in the face of 
commonly deployed proxy servers sitting between the UA and any of 
servers the UA is communicating with.

Should not allow loading of XML resources from 3rd party servers without 
explicit consent of these servers as such resources can contain 
sensitive information.

This restriction should not just apply to XML resources, but any other 
type of resource that can contain sensitive information.

I'm sure there are more, so feel free to add to this list.

/ Jonas

Received on Thursday, 17 January 2008 09:27:42 UTC