[cap-talk] Confused Deputy gets a new name in Web 2.0 lingo

Tyler Close tyler.close at gmail.com
Tue Oct 17 11:46:35 CDT 2006


On 10/17/06, Charles Landau <clandau at macslab.com> wrote:
> At 11:28 PM -0700 10/16/06, Tyler Close wrote:
> >This disagreement makes me think that it's not such a bad thing that
> >"Confused Deputy" is getting a new name. "Confused Deputy" is a really
> >bad name for the attack.
>
> Perhaps, but is "cross-site request forgery" better? It sounds
> awfully web-specific. And, where is the forgery? The authorization is
> legitimate, it is just misused.

Yes, this new name doesn't seem very good either.

Something like the "Penless Notary" might be more descriptive of the
crux of the matter, but I don't know that that's a good name either.
Naming is hard.

Tyler

-- 
The web-calculus is the union of REST and capability-based security:
http://www.waterken.com/dev/Web/

Name your trusted sites to distinguish them from phishing sites.
https://addons.mozilla.org/firefox/957/

