web security
2009-09-18 15:12:17.510823+00 by Dan Lyke 1 comments
A nice little web application security checklist. Flutterby needs a few updates, mostly about using redirects.
comments in ascending chronological order:
#Comment Re: made: 2009-09-18 19:57:06.474077+00 by: meuon
Some of the authentication issues are moot if you use real authentication (simple or digest auth) instead of some half-baked JavaScript/session/cookie kludge because the marketing/bizdev types don't like the login pop-up. Also simple and digest auth methods work on just about everything including phones. This keeps you from having to manage sessions as well, and you can easily clear your cookies and keep your cached auth in a browser. Using proper auth on 'parts' of the site like dynamically created embedded graphics, iframes, etc. is easier and better when you are using real auth methods.