HackerLangs
TopNewTrendsCommentsPastAskShowJobs

ctidd

no profile record

comments

ctidd
·18 วันที่ผ่านมา·discuss
There are multiple MIPS systems. The early ones were like you described, with a distinct feeling of too much plastic. Newer ones (e.g. Integra) are much more seamless. There are also other companies doing different types of rotational tech, like Lazer with an integral foam-based shearing design.

If you have only tried first-gen MIPS, I recommend giving it another shot.
ctidd
·20 วันที่ผ่านมา·discuss
CSRF can compromise the non-mutating path as well to exfiltrate data, but the mutating path and non-mutating are different, hence the OPTIONS preflight required prior to sending mutating requests.

The browser enforces the same-origin policy by preventing read on non-mutating (i.e. “simple”) request responses and preventing sending of mutating requests (i.e. non-“simple”). CORS provides a protocol for a service to loosen these controls.
ctidd
·20 วันที่ผ่านมา·discuss
All CORS does is allow for selective loosening of anti-CSRF controls. CORS is a mechanism for a service to tell a client “I’m CSRF-resistant” so that that the client doesn’t need to protect its user as tightly when interacting with that service.
ctidd
·7 เดือนที่ผ่านมา·discuss
CSRF exists as a consequence of insecure-by-default browser handling of cookies, whereby the browser sends the host’s cookies on requests initiated by a third-party script to the vulnerable host. If a script can fake all headers, it’s not running in a browser, and so was never exposed to the insecure browser cookie handling to be able to leverage it as a vector. If no prerequisite vector, then no vulnerability to mitigate.
ctidd
·7 เดือนที่ผ่านมา·discuss
You want lax for the intuitive behavior on navigation requests from other origins. Because there’s no assumption navigation get requests are safe, strict is available as the assumption-free secure option.