- From: David-Sarah Hopwood <david-sarah@jacaranda.org>
- Date: Sat, 24 Oct 2009 07:45:46 +0100
- To: public-webapps@w3.org
Doug Schepers wrote:
> I'm not at all a security expert, or even particularly well-informed on
> the topic, but it does occur to me that most of CORS' opponents seem
> very much in the capability-based security camp [1], and may distrust or
> dislike something more "authentication-based" like CORS.

The reason for that is that the main issue here is CSRF attacks, which are
a special case of a class of vulnerabilities (confused deputy attacks) that
capability systems are known to prevent, but that other access control
systems are generally vulnerable to. So it is not surprising that proponents
of capability systems would be more likely to recognize the importance of
this issue.

Indeed the most common -- and arguably most effective -- defence against CSRF
is to use an unguessable token as an authenticator. That token is a sparse
capability, used in essentially the same way that a capability system would
use it.

-- 
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
Received on Saturday, 24 October 2009 06:46:25 UTC
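The point made above, that a CSRF token works because it is a sparse capability while the session cookie is ambient authority the browser hands out to any page, can be shown in a few lines. The following is an added example, not code from the message or from any W3C document: a hypothetical in-memory "bank" with `login`, `handle_transfer`, and two request builders that model what the site's own form sends versus what an attacker's cross-site page can make the victim's browser send. The `SESSIONS`/`BALANCES` stores and the request dicts are constructed stand-ins for real HTTP state.

```python
"""Added example: CSRF token as a sparse capability vs. cookie as ambient
authority. Hypothetical minimal server logic with constructed request dicts;
not code from the original message or any spec."""
import hmac
import secrets

# Constructed in-memory state: session_id -> {"user": ..., "csrf_token": ...}
SESSIONS = {}
BALANCES = {"alice": 100, "mallory": 0}


def login(user):
    """Start a session.

    The session id goes in a cookie: the browser attaches it to every request
    to this origin, including requests an attacker's page triggers, so it is
    ambient authority. The CSRF token is the capability: it is only embedded in
    pages served by this origin, which a cross-site page cannot read."""
    session_id = secrets.token_urlsafe(32)
    token = secrets.token_urlsafe(32)  # unguessable: 256 bits from the OS CSPRNG
    SESSIONS[session_id] = {"user": user, "csrf_token": token}
    return {"cookie": session_id, "csrf_token": token}


def handle_transfer(request):
    """POST /transfer. `request` carries only the parts that matter here:
    cookies and form fields. Returns (status, message) like an HTTP response."""
    session = SESSIONS.get(request.get("cookies", {}).get("sid", ""))
    if session is None:
        return 401, "no session"
    form = request.get("form", {})
    supplied = form.get("csrf_token", "")
    # Compare in constant time so a leak of timing does not let an attacker
    # recover the token byte by byte.
    if not hmac.compare_digest(supplied.encode(), session["csrf_token"].encode()):
        return 403, "missing or invalid csrf token"
    try:
        amount = int(form.get("amount", "0"))
    except ValueError:
        return 400, "bad amount"
    to = form.get("to", "")
    if amount <= 0 or to not in BALANCES or BALANCES[session["user"]] < amount:
        return 400, "bad transfer"
    BALANCES[session["user"]] -= amount
    BALANCES[to] += amount
    return 200, "ok"


def legitimate_request(creds, to, amount):
    """A form on the site's own page: the browser sends the cookie, and the
    page can include the token it was served with."""
    return {"cookies": {"sid": creds["cookie"]},
            "form": {"csrf_token": creds["csrf_token"], "to": to, "amount": str(amount)}}


def forged_cross_site_request(creds, to, amount, guessed_token=None):
    """What an attacker's page can make the victim's browser send: the cookie
    is added automatically, but the attacker never saw the token and can at
    best guess one."""
    form = {"to": to, "amount": str(amount)}
    if guessed_token is not None:
        form["csrf_token"] = guessed_token
    return {"cookies": {"sid": creds["cookie"]}, "form": form}


if __name__ == "__main__":
    creds = login("alice")
    print(handle_transfer(forged_cross_site_request(creds, "mallory", 50)))
    print(handle_transfer(forged_cross_site_request(creds, "mallory", 50, "1234")))
    print(handle_transfer(legitimate_request(creds, "mallory", 50)))
    print(BALANCES)
```

The forged requests carry a valid session cookie, so a server that authorised on the cookie alone (the confused-deputy case) would move the money; the token check rejects them because the attacker can neither read nor guess the capability, while the same request from the site's own page succeeds.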