[whatwg] Dealing with UI redress vulnerabilities inherent to the current web

Edward Z. Yang edwardzyang at thewritingpot.com
Tue Sep 30 10:17:51 PDT 2008

Michal Zalewski wrote:
> More importantly, since the dictionary of possible inputs is rather
> limited, it would be pretty trivial to build a dictionary of site <->
> hash pairs and crack the values. May protect
> xyzzy2984.eur.int.example.com, but would still reveal to me you are
> coming from playboy.com.

Salt it. Problem solved.

More information about the whatwg mailing list