Create an Account
username: password:
 
  MemeStreams Logo

MemeStreams Discussion

search


This page contains all of the posts and discussion on MemeStreams referencing the following web page: Schneier on Security: JavaScript Hijacking. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

Schneier on Security: JavaScript Hijacking
by I Love Lamp at 2:08 pm EDT, May 22, 2007

JSON Hijacking

It appears that there is quite a bit of misinformation out there regarding JSON (JavaScript) Hijacking. This site contains the orignial white paper that was put together by Fortify Software.


It seems that the main problems are servers willing to send JSON data to a session authenticated user via HTTP GET method.


Even though it requires that the JSON data objects are sent back in Arrays ([]), this may be a true concern for people that are storing sensative information in their JSON data.




 
RE: Schneier on Security: JavaScript Hijacking
by Catonic at 12:45 pm EDT, May 23, 2007

I Love Lamp wrote:

JSON Hijacking

It appears that there is quite a bit of misinformation out there regarding JSON (JavaScript) Hijacking. This site contains the orignial white paper that was put together by Fortify Software.


It seems that the main problems are servers willing to send JSON data to a session authenticated user via HTTP GET method.


Even though it requires that the JSON data objects are sent back in Arrays ([]), this may be a true concern for people that are storing sensative information in their JSON data.



All your webapps are belong to Billy.


 
 
Powered By Industrial Memetics