Security Holes That Run Deep
Mark Burnett, 2004-12-20

How a seemingly simple Microsoft bug betrayed its author's disdain for a wide range of secure coding principles.

Security Holes That Run Deep 2004-12-20
Anonymous (2 replies)
Security Holes That Run Deep 2004-12-22
michaels (1 replies)
Security Holes That Run Deep 2004-12-23
Anonymous
Security Holes That Run Deep 2004-12-26
Anonymous
Nothing new from MS here... 2004-12-21
Anonymous
Security Holes That Run Deep 2004-12-21
bazzargh
Over here on the Java side of the fence, things aren't much better. The web.xml deployment descriptor adds security-constraints to url-patterns. However, this element is optional and defaults to unsecured. In fact, because it's not possible to say "no constraint applies" to a URL pattern, no combination of security constraints can get you the policy "everything should be secured except x".


Link to this comment: http://www.securityfocus.com/comments/columns/285/29614#29614
Failing Open vs. Closed 2004-12-22
Andy S.
Security Holes That Run Deep 2004-12-23
Anonymous
Security Holes That Run Deep 2004-12-29
Anonymous-Philippines (1 replies)
Re: Security Holes That Run Deep 2009-06-10
Anonymous - US







 

Copyright 2009, SecurityFocus