Re: Seeking feedback on proposed security restriction in the browsers

Thread: Re: Seeking feedback on proposed security restriction in the browsers

Search this list only Search all lists
Re: Seeking feedback on proposed security restriction in the browsers
	2007-08-10 19:27:48
Ivan Ristic wrote a proposal paper about a year ago called "Secure Browsing Mode" that you might want to look at - http://www.modsecurity.org/blog/archiv es/Secure_Browsing_Mode_Proposal.pdf It also references Gervase's paper. On 8/10/07, Anurag Agarwal <anurag.agarwalyahoo.com> wrote: > I am looking to get views from people on the list about a proposed security > restriction in the browsers > > The browser should check with the webserver which domains it can interact > with (load files from or submit post data to, etc) for that website. How the > check is implemented is upto the browser. > > For example: If a page from mybank.com is trying to submit data to > attacker.com then before submitting the data, the browser should check with > the mybank.com if it is allowed to do so. > > Q1. is it reasonable? > Q2. What are the pros and cons of this approach? > Q3. Would it limit some types of browser attacks (like some xss vectors, > etc)? > Q4. Would it open any new types of attack vectors? > > > I know there are security researchers, browser vendors, corporate security > folks and various other smart webappsec people on this list. I would really > appreciate if they can chip in with their 2 cents on this topic. > > > Any feedback is highly appreciated > > Cheers, > > Anurag Agarwal > > SEEC - An application security search engine > Web: www.attacklabs.com , www.myappsecurity.com > Email : anurag.agarwalyahoo.com > Blog : http://myappsecurit y.blogspot.com -- Ryan C. Barnett ModSecurity Community Manager Breach Security: Director of Application Security Training Web Application Security Consortium (WASC) Member CIS Apache Benchmark Project Lead SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC Author: Preventing Web Attacks with Apache ------------------------------------------------------------ ------------- Sponsored by: Watchfire The Twelve Most Common Application-level Hack Attacks Hackers continue to add billions to the cost of doing business online despite security executives' efforts to prevent malicious attacks. This whitepaper identifies the most common methods of attacks that we have seen, and outlines a guideline for developing secure web applications. Download today! https://www.watchfire.com/securearea/whi tepapers.aspx?id=701500000008rSe ------------------------------------------------------------ --------------

[1]

about | contact Other archives ( Real Estate discussion Medical topics )