|
|
Posted by Edward Vermillion on 07/08/05 20:31
On Jul 8, 2005, at 12:02 PM, Ezra Nugroho wrote:
>
> I am just wondering, how could someone craft an html to steal cookies?
> If your cookie distribution is done right, I don't think you need to
> worry about this.
>
That's what XSS is all about. I don't have the link handy but I do have
a PDF file that I found
a while back that explains how this happens, and to tell the truth, it
scared the s*** outa me.
To the point that I really don't trust any online commerce, although I
do still use it, just as
I still give the waitress/waiter my credit card at a restaurant, even
though I know that's where
most of the identity theft/stolen CC numbers comes from.
> There are a gazillion of sites (CMS-based, wiki-based, etc, including
> php.net) that allow users to contribute html. They are not concern
> about
> security of data delivery.
Yeah I know... :P
>
> I think, page breaking html is more prominent issue, which you could
> eliminate with BBcode or wiki language.
>
> Perhaps you are being a little paranoid?
> Or do I miss something?
>
So yeah, I'm being paranoid but I'm also trying to cover as many bases
as I can and yet
still provide some decent functionality.
Edward Vermillion
evermillion@doggydoo.net
Navigation:
[Reply to this message]
|