[cap-talk] Security considerations for cookies

Raoul Duke raould at gmail.com
Wed Feb 17 11:05:03 PST 2010


On Wed, Feb 17, 2010 at 10:52 AM, Tyler Close <tyler.close at gmail.com> wrote:
> Although the term "Confused Deputy" seems to have caught on somewhat,
> I find that people (even very smart ones) almost universally don't
> really understand what it means. So I'm worried the last sentence of
> the above paragraph will simply read to most people as: "Disentangling
> designation and authorization can cause bad stuff to happen." Which is
> true, but not an effective explanation.

$0.02 -- apart from the "even very smart ones" aspect of what Tyler
said, i was such a person who didn't really understand - er, and might
not totally still for all i know - what it means. (i think that is
both because security stuff can easily be confusing, and because the
description i read i think left room for confusion. seems like
something worth re-documenting better somewhere someday.)

sincerely.
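The "Confused Deputy" that the quoted paragraph worries about is easier to see in code than in prose. The following is an added example, not part of this thread or of any cap-talk project: a toy deputy (a "compiler" that writes an output file) first built with ambient authority, where the caller supplies only a designation (a path) and the deputy supplies all the authority, and then rebuilt so that the designation and the authorization travel together as a single write capability. All names, paths and the `FileSystem`/`WriteCap` classes are constructed for illustration.

```python
"""Confused deputy: ambient authority versus capabilities (constructed example)."""
from dataclasses import dataclass


class FileSystem:
    """Constructed toy store: path -> contents. Only pre-existing paths are writable."""

    def __init__(self):
        self.files = {
            "/home/alice/out.txt": "",          # owned by the low-privilege caller
            "/var/billing/ledger": "entries",   # only the deputy should touch this
        }

    def write(self, path, data):
        if path not in self.files:
            raise PermissionError(path)
        self.files[path] = data


class AmbientDeputy:
    """Runs with its own broad authority over the whole file system.

    The caller passes a bare path: designation without authorization. Because the
    deputy never asks whether the *caller* may write there, the caller can steer
    the deputy's authority at any file the deputy can reach.
    """

    def __init__(self, fs):
        self.fs = fs

    def compile(self, source, output_path):
        self.fs.write(output_path, f"compiled({source})")


@dataclass(frozen=True)
class WriteCap:
    """An unforgeable reference that both names a file and permits writing it."""
    fs: FileSystem
    path: str

    def write(self, data):
        self.fs.write(self.path, data)


class CapDeputy:
    """Holds no ambient authority; it can only write where the caller's cap points."""

    def compile(self, source, output_cap):
        output_cap.write(f"compiled({source})")


def run_ambient_deputy(requested_path):
    """Low-privilege caller names `requested_path`; returns the ledger's final contents."""
    fs = FileSystem()
    AmbientDeputy(fs).compile("hello", requested_path)
    return fs.files["/var/billing/ledger"]


def run_cap_deputy(requested_path):
    """Same request, but the caller must present a WriteCap it actually holds.

    Returns (write_happened, ledger_contents). Alice's authority is exactly the
    set of capabilities she was given; nobody issued her one for the ledger.
    """
    fs = FileSystem()
    alice_caps = {"/home/alice/out.txt": WriteCap(fs, "/home/alice/out.txt")}
    cap = alice_caps.get(requested_path)
    if cap is None:
        # No capability, no designation-plus-authorization to hand the deputy.
        return False, fs.files["/var/billing/ledger"]
    CapDeputy().compile("hello", cap)
    return True, fs.files["/var/billing/ledger"]


if __name__ == "__main__":
    print("ambient deputy, ledger after request:", run_ambient_deputy("/var/billing/ledger"))
    print("cap deputy, ledger after request:", run_cap_deputy("/var/billing/ledger"))
```

With the ambient deputy the ledger ends up overwritten even though the caller never had any authority over it; with the capability version the request cannot even be expressed, because the only way to designate the ledger is to hold a capability for it. That is the concrete content behind "disentangling designation and authorization": once a name can be passed without the authority it implies, the recipient is left to guess whose authority to apply, and it guesses wrong.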

