HackerTrans
トップ新着トレンドコメント過去質問紹介求人

ctidd

no profile record

コメント

ctidd
·18 日前·議論
There are multiple MIPS systems. The early ones were like you described, with a distinct feeling of too much plastic. Newer ones (e.g. Integra) are much more seamless. There are also other companies doing different types of rotational tech, like Lazer with an integral foam-based shearing design.

If you have only tried first-gen MIPS, I recommend giving it another shot.
ctidd
·20 日前·議論
CSRF can compromise the non-mutating path as well to exfiltrate data, but the mutating path and non-mutating are different, hence the OPTIONS preflight required prior to sending mutating requests.

The browser enforces the same-origin policy by preventing read on non-mutating (i.e. “simple”) request responses and preventing sending of mutating requests (i.e. non-“simple”). CORS provides a protocol for a service to loosen these controls.
ctidd
·20 日前·議論
All CORS does is allow for selective loosening of anti-CSRF controls. CORS is a mechanism for a service to tell a client “I’m CSRF-resistant” so that that the client doesn’t need to protect its user as tightly when interacting with that service.
ctidd
·7 か月前·議論
CSRF exists as a consequence of insecure-by-default browser handling of cookies, whereby the browser sends the host’s cookies on requests initiated by a third-party script to the vulnerable host. If a script can fake all headers, it’s not running in a browser, and so was never exposed to the insecure browser cookie handling to be able to leverage it as a vector. If no prerequisite vector, then no vulnerability to mitigate.
ctidd
·7 か月前·議論
You want lax for the intuitive behavior on navigation requests from other origins. Because there’s no assumption navigation get requests are safe, strict is available as the assumption-free secure option.