6
edits
Security/CSP/Confidentiality: Difference between revisions
no edit summary
mNo edit summary |
No edit summary |
||
| Line 16: | Line 16: | ||
This would, in particular, be really useful in scenarios where sensitive tokens are present in the document. | This would, in particular, be really useful in scenarios where sensitive tokens are present in the document. A successful HTML injection can possibly exfiltrate these tokens. For example, exfiltration of a BrowserID URL to login compromises correctness, exfiltration of a unique identifier of the user compromises privacy and so on. | ||
Another important use case is data vaults: Google Docs, Password Managers, phpMyAdmin are all examples of web applications that handle sensitive data, where content exfiltration attacks might be dangerous. An injection vulnerability in Google Docs can exfiltrate sensitive docs; a injection vulnerability in phpMyAdmin can allow exfiltrate SQL databases. | Another important use case is data vaults: Google Docs, Password Managers (e.g., LastPass), phpMyAdmin are all examples of web applications that handle sensitive data, where content exfiltration attacks might be dangerous. An injection vulnerability in Google Docs can exfiltrate sensitive docs; a injection vulnerability in phpMyAdmin can allow exfiltrate SQL databases; and exfiltration of data from password managers would be really bad. | ||
|Feature requirements=Even if an attacker achieves code injection, she should not be able to exfiltrate <i>any</i> data to an origin other than the ones in the whiltelist, save for the non-goals listed below. | |Feature requirements=Even if an attacker achieves code injection, she should not be able to exfiltrate <i>any</i> data to an origin other than the ones in the whiltelist, save for the non-goals listed below. | ||
|Feature non-goals=Side Channels | |Feature non-goals=Side Channels | ||