There's plenty of information on the inter-tube on the Cross Site Request Forgery Hack (CSRF, also known as XSRF and Confused Deputy - go on, just Google those acronyms), so I'm only going to give a general overview of the exploit. Know, though, that it is a problem that has been around pretty much since the birth of the internet, that browsers cannot prevent it (and have in the past aided it), and that it pretty much relies on a User's Trust / Stupidity.
Discussions relating to design, architecture and framework. Please ensure that no proprietary information is shared here as it is a publicly accessible site.
Showing posts with label Security. Show all posts
Tuesday, 22 February 2011
Thursday, 17 February 2011
Windows Identity Foundation
In Brief
Windows Identity Foundation (WIF) is a component of Microsoft's identity and access management solution. It is a 'Federated' and 'Claims' based identity framework with the distinct goal of decoupling the mode of authentication from an application and/or service. On the face of it then, WIF appears to be a solution for externalising the authentication mechanism altogether, removing the need to create custom identity providers and user account tables for disparate applications within and without an organisation.
Labels: Authentication, Foundation, Identity, Security, WIF, Windows