Web Application Security
Secure iFrames Nov 03 2014 01:02PM
NightShade (avghacker gmail com) (2 replies)
Re: Secure iFrames Nov 05 2014 02:54PM
David Ford (david blue-labs org)
Re: Secure iFrames Nov 04 2014 01:43AM
Dave Pyper (davepyper davepyper com) (2 replies)
Re: Secure iFrames Nov 05 2014 02:56PM
David Ford (david blue-labs org)
Re: Secure iFrames Nov 04 2014 06:53PM
Tim Brown (tmb 65535 com)
On Tuesday 04 November 2014 01:43:45 Dave Pyper wrote:
> From a high-level, your design should start with the HTTP-served index.html
> page that redirects to an HTTPS-served index2.html that calls the remote
> HTTPS-served iFrame-embedded page(s). There are details that will be
> specific to your implementation, like protocol restrictions on index
> (HTTP-only) and index2 (HTTPS-only) files, and so forth that I won't go
> into. But for the sake of old-school simplicity, that's the model I
> recommend and use.

So what happens if someone MiTMs the redirect>? If Telnet is no longer
acceptable, why is HTTP?

Tim
--
Tim Brown
<mailto:tmb (at) 65535 (dot) com [email concealed]>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAABCAAGBQJUWSC2AAoJEPJhpTVyySo74OcQAIuUD/sZbR+QIy8MEfk9phnS
3ARh96VSbbx4/J/XO3GkQRx0SMtV6wk2z6v87Kd7KXIhatDyKWXwQPNvqx1sWoIY
6Syj0+NGF4KB1QPhvCSHmJ/VuSRTub0pLzWNs+p0b4CZ/sd5RilzemliAklUQJrI
MCMxdowAzosLYPUHKvQdgzRbSmHsrPg2T1jmqdsG4iGWUf15X5tsQzydX+eMWY8t
h2/1zsoNF8FSwNeve9CRuEjzaxcEzzuCnkEVf+LaDOgNH0oJea1nr9grGoXPBVhn
qCXt7Sx/aR9JhjKPzyJNMfs7DaR2S5DBAKWP6W7ukwFdOYyZM+ao1E2zPrSCWgcZ
czv7sBShf2FTu1Tz1TqEdX7c1jpKoWOqpezWKjs74Pdvi8h+a6LseiX6YVgBS+nQ
XUsytSX1tqj/9V585+lfbuUCrrVYIsY89uUagl7LwEDUHCk4HLvry5/hAq+vPEZ3
SSFD+6Oq+Qi8y1Hherr8mv/R5Du0EKYxSEfFaSGqLsKJzo9kyZ5hZJ8N8PcmwSGw
xiiovkNgbrau4pKeJG9p5m7s0n29qYGJudnJI1lYcFk1FByVgFBYFEDvGMWAKuBv
h3tkL2bmsN140NWrVrBCtLWQJqlTwYpmldWJZrf+/KIjuez0C8Tn3vKid2CX5Lzy
uSG5Sab/jZpz6JCRCoZT
=ssS8
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus