
[whatwg] Dealing with UI redress vulnerabilities inherent to the current web

From: Edward Z. Yang <edwardzyang@thewritingpot.com>
Date: Tue, 30 Sep 2008 13:17:51 -0400
Message-ID: <48E25F3F.8060701@thewritingpot.com>

Michal Zalewski wrote:
> More importantly, since the dictionary of possible inputs is rather
> limited, it would be pretty trivial to build a dictionary of site <->
> hash pairs and crack the values. May protect
> xyzzy2984.eur.int.example.com, but would still reveal to me you are
> coming from playboy.com.

Salt it. Problem solved.

Received on Tuesday, 30 September 2008 10:17:51 UTC
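
An added example, not part of the original message: the site <-> hash dictionary from the quoted text, run against a bare hash and against a salted one. SHA-256, the candidate host list and all function names are assumptions made here; the message names no hash function and does not say which party would hold the salt.

```python
import hashlib
import os

# Constructed candidate list standing in for the "limited dictionary" of sites.
CANDIDATE_HOSTS = ["playboy.com", "example.com", "example.org", "mail.example.net"]


def origin_token(host: str, salt: bytes = b"") -> str:
    """Hash a referring host name, optionally prefixed with a salt (assumed scheme)."""
    return hashlib.sha256(salt + host.encode("ascii")).hexdigest()


def build_table(hosts, salt: bytes = b"") -> dict:
    """Map token -> host for every candidate: the site <-> hash dictionary."""
    return {origin_token(h, salt): h for h in hosts}


def recover(token: str, table: dict):
    """Return the host matching a token, or None if the table has no entry."""
    return table.get(token)


def demo() -> dict:
    precomputed = build_table(CANDIDATE_HOSTS)  # built once, without a salt
    salt = os.urandom(16)                       # fresh random salt for one token

    unsalted = origin_token("playboy.com")
    salted = origin_token("playboy.com", salt)
    rare = origin_token("xyzzy2984.eur.int.example.com")

    return {
        # A listed host is read straight back from its bare hash.
        "unsalted_listed": recover(unsalted, precomputed),
        # A host missing from the dictionary stays hidden.
        "unsalted_unlisted": recover(rare, precomputed),
        # The precomputed table has no entry for the salted token.
        "salted_vs_precomputed": recover(salted, precomputed),
        # Whoever holds the salt can rebuild the table for that salt.
        "salted_salt_known": recover(salted, build_table(CANDIDATE_HOSTS, salt)),
        # Without the right salt the rebuilt table does not match.
        "salted_salt_unknown": recover(salted, build_table(CANDIDATE_HOSTS, os.urandom(16))),
    }


if __name__ == "__main__":
    for case, host in demo().items():
        print(f"{case:24} -> {host}")
```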
