Hi,

I'm attempting to understand the reasons why Wt is not vulnerable to
the BREACH attack, based on this recent blog post:

http://www.webtoolkit.eu/wt/blog/2013/08/07/security__wt_and_the_new_breach_vulnerability/comments?wtd=23bb67q3jTKptXwUPu0fPGQeyS9QVqrY

It says:

        "Since Wt never relies (solely) on cookies for session tracking,
        luckily, a Wt application is thus not vulnerable to BREACH,
        not in the context of CSRF or any other secret to be obtained
        from the web application."

So how does Wt handle session tracking?  Are the CSRF IDs in the URL?
Do they change randomly?

Thanks,
- Chris


_______________________________________________
witty-interest mailing list
witty-interest@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/witty-interest
