ISSUE-108

confused deputy problem

State:
RAISED
Product:
CORS
Raised by:
Anne van Kesteren
Opened on:
2009-11-02
Description:
See http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/1324.html and follow up. Also see minutes of Santa Clara F2F.
Related Actions Items:
Related emails:
  1. [CORS] ISSUE-108: confused deputy problem (from art.barstow@nokia.com on 2009-11-05)
  2. ISSUE-108: confused deputy problem [CORS] (from sysbot+tracker@w3.org on 2009-11-02)

Related notes:

2009-11-02 22:47:10: During the 2009-11 f2f, this issue was articulated as, "Is there an obvious way to use CORS that introduces a risk of confused deputy attacks or other security risks?" see http://www.w3.org/2009/11/02-webapps-minutes.html#item03 [Michael(tm) Smith]

Display change log ATOM feed

Charles McCathieNevile <chaals@opera.com>, Arthur Barstow <art.barstow@nokia.com>, Chairs, Doug Schepers <schepers@w3.org>, Michael(tm) Smith <mike@w3.org>, Staff Contacts
Tracker, originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: index.php,v 1.231 2009/11/16 15:00:54 dom Exp $