Flutterby™! : web security


web security

2009-09-18 15:12:17.510823+00 by Dan Lyke 1 comments

A nice little web application security checklist. Flutterby needs a few updates, mostly about using redirects.

comments in ascending chronological order:

#Comment Re: made: 2009-09-18 19:57:06.474077+00 by: meuon

Some of the authentication issues are moot if you use real authentication (simple or digest auth) instead of some half-baked JavaScript/session/cookie kludge because the marketing/bizdev types don't like the login pop-up. Also, simple and digest auth methods work on just about everything, including phones. This keeps you from having to manage sessions as well, and you can easily clear your cookies and keep your cached auth in a browser. Using proper auth on 'parts' of the site like dynamically created embedded graphics, iframes, etc. is easier and better when you are using real auth methods.