[wp-hackers] Any other way to do it? (or, do we really need Nonces?)
Elliotte Harold
elharo at metalab.unc.edu
Fri Mar 2 19:04:28 GMT 2007
Russ (YAR) Gilman-Hunt wrote:
> A lot of Ajax implementations use POST to communicate; that qualifies
> to me as "without human intervention." However, my brain doesn't work
> towards nefarious purposes very easily, so I'm "just sayin" -- not that
> I know how someone would use it.
There are some restrictions on exactly who XmlHttpRequest can POST to.
In particular at the default security level it can only POST back to the
site from which the script came.
However, there's something in JSON that allows at least occasional
tunneling around that. As I said, I'm not a big JavaScript person, so I'm
not sure if this is or isn't bulletproof, or exactly how it applies
here. More research is needed.
See
http://www.25hoursaday.com/weblog/PermaLink.aspx?guid=060ca7c3-b03f-41aa-937b-c8cba5b7f986
http://www.xml.com/pub/a/2005/11/09/fixing-ajax-xmlhttprequest-considered-harmful.html
I *think* the net effect here is that site foo cannot post a form that
includes my authentication cookies to site bar without me explicitly
pushing a button. If there is a way to hack around this, I think it
would be classified as a security bug by browser vendors, and would be
fixed.
--
Elliotte Rusty Harold elharo at metalab.unc.edu
Java I/O 2nd Edition Just Published!
http://www.cafeaulait.org/books/javaio2/
http://www.amazon.com/exec/obidos/ISBN=0596527500/ref=nosim/cafeaulaitA/
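The thread is weighing whether a nonce adds anything on top of the browser's same-origin restrictions on XMLHttpRequest and the session cookie. The following is an added example, not code from this thread or from WordPress itself: a tick-based, HMAC-derived nonce (loosely in the spirit of WordPress's scheme) bound to a user and an action, and a minimal handler that accepts a state-changing request only when the nonce checks out. The secret, session table, action names and the `handle_delete_post` handler are all constructed for illustration. The demo shows why the cookie alone is not proof of intent: a request that carries a valid session cookie but no nonce (what a foreign page's form submission would look like to the server) is refused, as are a nonce minted for a different action and one that has expired.

```python
import hashlib
import hmac
import time

# Constructed server secret for this example; a real deployment loads it from config.
SECRET_KEY = b"example-secret-key-do-not-reuse"

# Lifetime of one nonce "tick". A nonce is accepted during the tick it was
# issued in and the following one, so it lives between one and two ticks.
TICK_SECONDS = 12 * 60 * 60

# Constructed session store: cookie value -> user id.
SESSIONS = {"session-abc": 42}


def _tick(now=None):
    """Current tick number; `now` is injectable so the example is deterministic."""
    now = time.time() if now is None else now
    return int(now // TICK_SECONDS)


def create_nonce(user_id, action, now=None):
    """Derive a nonce bound to (tick, action, user) under the server secret.

    Only the server can compute it, and it is embedded in pages served to the
    logged-in user, so a page on another origin has no way to obtain it.
    """
    msg = f"{_tick(now)}|{action}|{user_id}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()[:16]


def verify_nonce(nonce, user_id, action, now=None):
    """Accept the nonce for the current or the previous tick, in constant time."""
    t = _tick(now)
    for tick in (t, t - 1):
        msg = f"{tick}|{action}|{user_id}".encode()
        expected = hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()[:16]
        if hmac.compare_digest(nonce or "", expected):
            return True
    return False


def handle_delete_post(cookies, form, now=None):
    """Hypothetical state-changing handler: the cookie identifies the user,
    the nonce proves the request came from a page the site served to them."""
    user_id = SESSIONS.get(cookies.get("session"))
    if user_id is None:
        return 401, "not logged in"
    post_id = form.get("post_id", "")
    if not verify_nonce(form.get("_nonce"), user_id, "delete_post_" + post_id, now):
        return 403, "nonce check failed"
    return 200, f"post {post_id} deleted by user {user_id}"


def demo(now=0):
    """Return the status codes for four requests that all carry a valid session cookie."""
    cookies = {"session": "session-abc"}
    # Legitimate request: the page served to user 42 embedded a nonce for this action.
    good = handle_delete_post(
        cookies, {"post_id": "7", "_nonce": create_nonce(42, "delete_post_7", now)}, now)
    # Request with the cookie but no nonce: this is what a form submitted from a
    # page on another origin looks like, since the browser attaches cookies
    # automatically but that page never saw the nonce.
    no_nonce = handle_delete_post(cookies, {"post_id": "7"}, now)
    # A nonce minted for a different action (post 8) does not transfer to post 7.
    wrong_action = handle_delete_post(
        cookies, {"post_id": "7", "_nonce": create_nonce(42, "delete_post_8", now)}, now)
    # A nonce issued three ticks ago falls outside the two-tick window.
    stale = handle_delete_post(
        cookies, {"post_id": "7", "_nonce": create_nonce(42, "delete_post_7", now)},
        now + 3 * TICK_SECONDS)
    return good[0], no_nonce[0], wrong_action[0], stale[0]


if __name__ == "__main__":
    print(demo())  # (200, 403, 403, 403)
```

Binding the nonce to the action and the user, rather than issuing one global token, keeps a token leaked from one form from authorising a different operation, and the tick window bounds how long a captured token stays useful without requiring the server to store anything per request.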