[cap-talk] Confused Deputies in Capability Systems
David-Sarah Hopwood
david.hopwood at industrial-designers.co.uk
Wed Feb 11 12:23:50 EST 2009
Toby Murray wrote:
> On Wed, 2009-02-11 at 16:38 +0000, David-Sarah Hopwood wrote:
>> XSRF as a class of attacks depends on the fact that URLs in general are
>> potentially global names. There is no way to assert that an URL is a local
>> name in a particular scope when using it; firewalls are an ad hoc attempt
>> to infer scope from network location, which is clearly not reliable.
>
> Then is XSRF not a specific example of a confused deputy vulnerability?
XSRF *is* a subclass of confused deputy attacks, because the designators
are potentially-global URLs (and the other conditions are met).
--
David-Sarah Hopwood ⚥
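As an added illustration (this code is not part of the original message or of the cap-talk thread), the following Python models the point being made. The bank server is the deputy: it acts on the victim's authority (the session cookie, which the browser attaches to every request to that site no matter which page caused it) on behalf of whoever named the action. When the only designator is a URL, a global name that any site can utter, a cross-site page can drive the transfer. When the server additionally requires a per-session, unguessable token that only pages in the victim's own session can read, the designator becomes a local name and the forged request is refused. The hostnames, users, amounts and class names (`Bank`, `Browser`, `bank.example`, `alice`, `mallory`) are constructed for the example.

```python
"""Toy model of XSRF as a confused deputy (added example, not from the thread)."""
import hmac
import secrets


class Browser:
    """Models the one browser behaviour XSRF relies on: cookies for a site are
    attached to every request to that site, whatever page triggered it."""

    def __init__(self):
        self.cookie_jar = {}   # site -> {cookie name: value}
        self.page_state = {}   # site -> data readable only by that site's pages

    def visit(self, site, server, user):
        sid, token = server.login(user)
        self.cookie_jar[site] = {"sid": sid}
        # The token arrives in the page body; under the same-origin policy
        # only pages served by `site` can read it.
        self.page_state[site] = {"token": token}

    def request(self, site, server, handler, params):
        # Whoever built `params`, the browser attaches `site`'s cookies.
        cookies = self.cookie_jar.get(site, {})
        return getattr(server, handler)(cookies, params)


class Bank:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.sessions = {}   # sid -> user
        self.tokens = {}     # sid -> unguessable per-session token

    def login(self, user):
        sid = secrets.token_hex(16)
        self.sessions[sid] = user
        self.tokens[sid] = secrets.token_hex(16)
        return sid, self.tokens[sid]

    def _move(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            return "insufficient funds"
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount
        return "ok"

    def transfer_ambient(self, cookies, params):
        # Deputy acting on ambient authority: the only check is the cookie,
        # and the browser supplies that for requests from any origin.
        user = self.sessions.get(cookies.get("sid"))
        if user is None:
            return "unauthenticated"
        return self._move(user, params["to"], int(params["amount"]))

    def transfer_capability(self, cookies, params):
        # Deputy demanding a local designator: the per-session token is
        # unguessable and readable only by pages in the victim's session.
        sid = cookies.get("sid")
        user = self.sessions.get(sid)
        if user is None:
            return "unauthenticated"
        if not hmac.compare_digest(self.tokens[sid], params.get("token", "")):
            return "forbidden: missing or wrong token"
        return self._move(user, params["to"], int(params["amount"]))


def forged_transfer(handler):
    """Victim logs in, then an attacker page makes the browser submit a
    transfer. The attacker knows the action's global name (URL and parameter
    names) but cannot read bank.example's page state."""
    bank = Bank({"alice": 100, "mallory": 0})
    browser = Browser()
    browser.visit("bank.example", bank, "alice")
    forged = {"to": "mallory", "amount": "100"}   # constructed attacker input
    reply = browser.request("bank.example", bank, handler, forged)
    return reply, bank.balances


def legitimate_transfer(handler):
    """A bank.example page makes the same request and can include the token."""
    bank = Bank({"alice": 100, "bob": 0})
    browser = Browser()
    browser.visit("bank.example", bank, "alice")
    params = {"to": "bob", "amount": "30"}
    params["token"] = browser.page_state["bank.example"]["token"]
    reply = browser.request("bank.example", bank, handler, params)
    return reply, bank.balances


if __name__ == "__main__":
    for h in ("transfer_ambient", "transfer_capability"):
        print(h, "forged:", forged_transfer(h), "legit:", legitimate_transfer(h))
```

The token here is the usual synchronizer-token mitigation viewed through the capability lens: it works precisely because it is a designator scoped to one session rather than a globally nameable URL. One practical caveat follows from the same reasoning: if the token is placed in the URL it becomes a global name again (leaking through Referer headers, history and logs), so it belongs in the request body or a header.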