[cap-talk] Confused Deputy gets a new name in Web 2.0 lingo

Charles Landau clandau at macslab.com
Tue Oct 17 10:09:57 CDT 2006


At 11:28 PM -0700 10/16/06, Tyler Close wrote:
>This disagreement makes me think that it's not such a bad thing that
>"Confused Deputy" is getting a new name. "Confused Deputy" is a really
>bad name for the attack.

Perhaps, but is "cross-site request forgery" better? It sounds 
awfully web-specific. And, where is the forgery? The authorization is 
legitimate, it is just misused.


More information about the cap-talk mailing list