[orion-dev] Protection against Java Script Hijacking

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[orion-dev] Protection against Java Script Hijacking

From: "Schmalz, Matthias" <matthias.schmalz@xxxxxxx>
Date: Mon, 14 Apr 2014 07:01:43 +0000
Accept-language: en-US
Delivered-to: orion-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/orion-dev>
List-help: <mailto:orion-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/orion-dev>, <mailto:orion-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/orion-dev>, <mailto:orion-dev-request@eclipse.org?subject=unsubscribe>
Thread-index: Ac9WhV0LctyX4HptQQ+i/zuxcy2Olg==
Thread-topic: Protection against Java Script Hijacking

Hi All,

currently we are doing some security considerations for the usage of Orion.

One topic, that came up here, is the protection against _javascript_ hijacking (see http://capec.mitre.org/data/definitions/111.html or http://www.net-security.org/dl/articles/_javascript__Hijacking.pdf).

Have there already been any considerations about the relevance of this attack for Orion? Are there any plans to implement a protection?

An example for an attack target could be the user preference store which contains the user’s e-mail address, full name and login user.

Best regards

Matthias Schmalz

Follow-Ups:
- Re: [orion-dev] Protection against Java Script Hijacking
  - From: Simon Kaegi

Prev by Date: Re: [orion-dev] Viewing new syntax highlighting
Next by Date: Re: [orion-dev] Protection against Java Script Hijacking
Previous by thread: [orion-dev] Viewing new syntax highlighting
Next by thread: Re: [orion-dev] Protection against Java Script Hijacking
Index(es):
- Date
- Thread

Back to the top