[cap-talk] Confused Deputy (definitions)
clandau at macslab.com
Thu Oct 26 22:26:46 CDT 2006
At 4:54 PM -0700 10/25/06, Jed at Webstart wrote:
>I'm not sure the best way out of this situation. Updates to
>the Wikipedia definitions await...
Can we agree that the passwd example currently at
http://en.wikipedia.org/wiki/Confused_Deputy is an example of Ping's
pattern #3, not #2, and is really not appropriate?
>In the mean time should we
>(I since I guess I'm the culprit) remove the linking between the
>Confused Deputy and the Cross-site request forgery definitions?
>I'm in favor of that approach.
Me too. I was definitely confused trying to figure out the connection, if any.
>I think perhaps the original "Confused Deputy" example in its pure
>form is obscure enough and specific enough to an architecture that
>no longer exists that it may not be appropriate to link it to more
>current issues. Do others feel that it has current relevance?
>don't want to seem to be tying the importance of the capability
>approach to authorization to such an obscure problem that's not
>significantly at issue in modern systems.
I would like to replace the passwd example with an example that
follows Ping's pattern #2, but phrased in Unix terms which will be
more relevant and updated than Norm's example. Can someone who is
more familiar with Unix than I am suggest such an example?