[cap-talk] Confused Deputy gets a new name in Web 2.0 lingo
Charles Landau
clandau at macslab.com
Tue Oct 17 10:09:57 CDT 2006
At 11:28 PM -0700 10/16/06, Tyler Close wrote:
>This disagreement makes me think that it's not such a bad thing that
>"Confused Deputy" is getting a new name. "Confused Deputy" is a really
>bad name for the attack.
Perhaps, but is "cross-site request forgery" better? It sounds
awfully web-specific. And, where is the forgery? The authorization is
legitimate, it is just misused.
More information about the cap-talk
mailing list