[tahoe-lafs-trac-stream] [tahoe-lafs] #1455: WUI: ambiently accessible pages should framebust in order to prevent UI redressing attacks
tahoe-lafs
trac at tahoe-lafs.org
Sat Jul 30 21:36:13 PDT 2011
#1455: WUI: ambiently accessible pages should framebust in order to prevent UI
redressing attacks
-----------------------------+---------------------------------------------
Reporter: davidsarah | Owner:
Type: defect | Status: new
Priority: minor | Milestone: undecided
Component: code- | Version: 1.8.2
frontend-web | Keywords: security ambient wui redressing
Resolution: |
Launchpad Bug: |
-----------------------------+---------------------------------------------
Comment (by davidsarah):
How not to framebust:
http://seclab.stanford.edu/websec/framebusting/framebust.pdf
The way to do it securely seems to be to send an
[http://blogs.msdn.com/b/ieinternals/archive/2010/03/30/combating-
clickjacking-with-x-frame-options.aspx X-Frame-Options: DENY] header.
--
Ticket URL: <http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1455#comment:1>
tahoe-lafs <http://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list