[jQuery] Re: JavaScript Hijacking - Jquery among the vulnerable ones

2007-04-17 Thread Fila
Hello! Thx for the answers and warnings, I'll do my best to be smarter with my codes. I'm aware about the velocity that things happen and we have to do the codes fast, security is always put aside of this. If not at the end of the list... security codes are completely ignored. I

[jQuery] Re: JavaScript Hijacking - Jquery among the vulnerable ones

2007-04-16 Thread Nathan Young -X (natyoung - Artizen at Cisco)
From: jquery-en@googlegroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Matt Kruse Sent: Monday, April 16, 2007 8:01 AM To: jQuery (English) Subject: [jQuery] Re: JavaScript Hijacking - Jquery among the vulnerable ones On Apr 16, 9:11 am, "Scottus " <[EMAIL PROTECTED]> wrote: >

[jQuery] Re: JavaScript Hijacking - Jquery among the vulnerable ones

2007-04-16 Thread Markus Peter
On 16.04.2007, at 18:02, Jeffrey Kretz wrote: How would this work exactly? I thought that session cookies and file cookies are only passed by the browser in a request to a matching domain? Or would it be something like this: 1. Log into Washington Mutual Bank Account (20 minute se

[jQuery] Re: JavaScript Hijacking - Jquery among the vulnerable ones

2007-04-16 Thread Jeffrey Kretz
Here's the part I'm confused about: > On 16.04.2007, at 17:01, Matt Kruse wrote: > ... > You can steal personal information from other sites, if users stay in > a cookie-based session while surfing on other pages. > ... How would this work exactly? I thought that session cookies and file coo

[jQuery] Re: JavaScript Hijacking - Jquery among the vulnerable ones

2007-04-16 Thread Markus Peter
On 16.04.2007, at 17:01, Matt Kruse wrote: In reality, I have yet to see any evidence that this problem actually exists in the wild. It's a theoretical security concern (not even a flaw) that is interesting but has very little practical application. You can steal personal information from oth

[jQuery] Re: JavaScript Hijacking - Jquery among the vulnerable ones

2007-04-16 Thread Matt Kruse
On Apr 16, 9:11 am, "Scottus " <[EMAIL PROTECTED]> wrote: > The single take away (true point) they don't point out is that if you > use any javascript hosted on a remote server (google adwords for > example) fully compromises any page that host these scripts. I don't think that has anything to

[jQuery] Re: JavaScript Hijacking - Jquery among the vulnerable ones

2007-04-16 Thread Scottus
My reading of these "security" warnings is that they are FUD pure and simple. NO ONE but YOU can put any malicious JavaScript on to your web application. The single take away (true point) they don't point out is that if you use any javascript hosted on a remote server (google adwords for exa

[jQuery] Re: JavaScript Hijacking - Jquery among the vulnerable ones

2007-04-16 Thread Rey Bango
Hi Fila, This was discussed last month when the report first came out and there were some very good solutions thrown out. Check the archives for it. I believe the consensus on this specific issue was that you, as a developer, really have to build the security into your apps. This statement f

[jQuery] Re: JavaScript Hijacking - Jquery among the vulnerable ones

2007-04-16 Thread Brandon Aaron
We are very concerned with security and in this case it is up to the developer to be smart in how sensitive information is delivered and handled on the client side. jQuery provides the means necessary to execute the technique found in the paper to overcome this issue. Also just recently there wa