Create an Account
username: password:
 
  MemeStreams Logo

Schneier on Security: JavaScript Hijacking

search

I Love Lamp
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

I Love Lamp's topics
Arts
Business
Games
Health and Wellness
Home and Garden
Miscellaneous
Current Events
Recreation
Local Information
Science
Society
Sports
Technology

support us

Get MemeStreams Stuff!


 
Schneier on Security: JavaScript Hijacking
Topic: Technology 2:08 pm EDT, May 22, 2007

JSON Hijacking

It appears that there is quite a bit of misinformation out there regarding JSON (JavaScript) Hijacking. This site contains the orignial white paper that was put together by Fortify Software.


It seems that the main problems are servers willing to send JSON data to a session authenticated user via HTTP GET method.


Even though it requires that the JSON data objects are sent back in Arrays ([]), this may be a true concern for people that are storing sensative information in their JSON data.



Schneier on Security: JavaScript Hijacking



 
 
Powered By Industrial Memetics
RSS2.0