Comments on: Guess everyone makes mistakes http://www.sitepoint.com/blogs/2004/10/29/guess-everyone-makes-mistakes/ News, opinion, and fresh thinking for web developers and designers. The official podcast of sitepoint.com. Tue, 02 Dec 2008 11:31:34 +0000 http://wordpress.org/?v=2.5 By: Ren http://www.sitepoint.com/blogs/2004/10/29/guess-everyone-makes-mistakes/#comment-1308 Ren Wed, 31 Dec 1969 19:00:00 +0000 687593850#comment-1308 <p>Just wish there was mose support for HttpOnly cookies. (Both in non IE browsers, and PHP)</p> <p>http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp</p> Just wish there was mose support for HttpOnly cookies. (Both in non IE browsers, and PHP)

http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp

]]> By: jon http://www.sitepoint.com/blogs/2004/10/29/guess-everyone-makes-mistakes/#comment-1309 jon Wed, 31 Dec 1969 19:00:00 +0000 687593850#comment-1309 <p>Amen to that Ren. </p> <p>https://bugzilla.mozilla.org/show_bug.cgi?id=178993</p> Amen to that Ren.

https://bugzilla.mozilla.org/show_bug.cgi?id=178993

]]> By: Chris Shiflett http://www.sitepoint.com/blogs/2004/10/29/guess-everyone-makes-mistakes/#comment-1310 Chris Shiflett Wed, 31 Dec 1969 19:00:00 +0000 687593850#comment-1310 <p>Thanks for the link, Harry. There's also a plain HTML version available on my Web site that some people might prefer:</p> <p>http://shiflett.org/articles/foiling-cross-site-attacks</p> <p>Do you have any details about the vulnerability? I know the original announcement was purposely vague, but I presume things have been fixed by now.</p> <p>Someone recently sent me a description of a supposed Gmail vulnerability, wanting me to determine whether their findings were valid. I was able to access their account, which was more than they had expected. However, the attack required me to access a URL that should only really be known by the user, and I never had a chance to look into it more. I think details about this recent attack might give me some more perspective about what Google is doing on the server side.</p> Thanks for the link, Harry. There’s also a plain HTML version available on my Web site that some people might prefer:

http://shiflett.org/articles/foiling-cross-site-attacks

Do you have any details about the vulnerability? I know the original announcement was purposely vague, but I presume things have been fixed by now.

Someone recently sent me a description of a supposed Gmail vulnerability, wanting me to determine whether their findings were valid. I was able to access their account, which was more than they had expected. However, the attack required me to access a URL that should only really be known by the user, and I never had a chance to look into it more. I think details about this recent attack might give me some more perspective about what Google is doing on the server side.

]]>