LWN has written up an article describing the "redirect" security difficulty found by the folks at Digital Creations while tracking down a security problem with the Zope application server. "Given the way the web and authentication-based sites work, a suitably . . .
LWN has written up an article describing the "redirect" security difficulty found by the folks at Digital Creations while tracking down a security problem with the Zope application server. "Given the way the web and authentication-based sites work, a suitably unpleasant attacker could, through the use of HTTP redirects and (perhaps) malevolent Javascript code, cause actions to be taken on your behalf simply by getting you to look at the wrong web page. The implications of this problem are stunning. Expect to hear more about it in the near future."