[whatwg] Dealing with UI redress vulnerabilities inherent to the current web
Edward Z. Yang
edwardzyang at thewritingpot.com
Tue Sep 30 10:17:51 PDT 2008
Michal Zalewski wrote:
> More importantly, since the dictionary of possible inputs is rather
> limited, it would be pretty trivial to build a dictionary of site <->
> hash pairs and crack the values. May protect
> xyzzy2984.eur.int.example.com, but would still reveal to me you are
> coming from playboy.com.
Salt it. Problem solved.
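
The dictionary lookup described in the quoted text, and the effect of a salt on it, as an added Python example that is not part of the original thread. SHA-256, HMAC as the salting construction, the function names, and every site name other than the two quoted above are assumptions; the thread does not specify a scheme.

```python
import hashlib
import hmac
import secrets

# Constructed candidate list: the limited "dictionary of possible inputs"
# an observer could assemble in advance.
CANDIDATE_SITES = ["playboy.com", "example.org", "example.net"]


def plain_hash(site: str) -> str:
    """Unsalted digest of a site name (assumed scheme: SHA-256)."""
    return hashlib.sha256(site.encode()).hexdigest()


def build_table(sites):
    """Precompute hash -> site pairs once; reusable against every unsalted digest."""
    return {plain_hash(s): s for s in sites}


def salted_hash(site: str, salt: bytes) -> str:
    """Keyed digest; the salt acts as the HMAC key (assumed construction)."""
    return hmac.new(salt, site.encode(), hashlib.sha256).hexdigest()


def lookup(table, digest):
    """Return the site name for a digest if the table contains it, else None."""
    return table.get(digest)


def guess_with_known_salt(digest: str, salt: bytes, sites):
    """If the observer also holds the salt, precomputation is gone but
    per-candidate recomputation over a small dictionary still succeeds."""
    for s in sites:
        if hmac.compare_digest(salted_hash(s, salt), digest):
            return s
    return None


if __name__ == "__main__":
    table = build_table(CANDIDATE_SITES)
    salt = secrets.token_bytes(16)  # fresh random salt, constructed for the demo
    print("unsalted, popular site:", lookup(table, plain_hash("playboy.com")))
    print("unsalted, obscure host:",
          lookup(table, plain_hash("xyzzy2984.eur.int.example.com")))
    print("salted, table lookup  :", lookup(table, salted_hash("playboy.com", salt)))
    print("salted, salt disclosed:",
          guess_with_known_salt(salted_hash("playboy.com", salt), salt, CANDIDATE_SITES))
```

The salt defeats the precomputed table in every case; it hides the site from a given observer only while that observer does not hold the salt.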