Visual Security Policy boxes on Drupal | by Terriko

Visual Security Policy boxes on Drupal

If we wanted to stop this using boxes, we'd probably take a look at the page and think “well, that's user-inserted content there and there... there could be sharks!” so we could put a box around each comment separately. And then we might realize that the login box contains the username and password, so we should probably protect it too. Into a box it goes! That way, if we missed a source of user content, the login box is still protected.

  

Note: This is part of my presentation on Visual Security Policy for the Web.

 

Note 2: As far as I know, there is no such attack possible on the Drupal forums; I just used them because they made a nice screenshot.

Uploaded on August 23, 2010