[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] iFrame secure or not

From: "application.secure application.secure" <application.secure@xxxxxxxxx>
Subject: [WEB SECURITY] iFrame secure or not
Date: Fri, 29 Aug 2008 09:16:32 +0200

------=_Part_17653_31757523.1219994192744
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

In the web development world, IFrame are always targeted as insecure
component.
People say: "Do not use iframe, it's insecure", "Iframe allows iframe
injection and phishing attack", ...

I want to put this topic in perspective.
In the web 2.0 world it's probably more secure to integrate widget in iframe
than in the master page itself (at DOM level).

In a outsourced web application integration project (partner1 will integrate
his application into partner2 's portal), i think also that it is more
secure to use Iframe (especially if partner1 has his own policy and security
guidelines).

So, IFrame are not always insecure! It could be sometimes the best choice to
secure your web application and limit your application attack surface
area...

Comments are welcome

------=_Part_17653_31757523.1219994192744
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

<div dir="ltr">In the web development world, IFrame are always targeted as insecure component.<br>People say: &quot;Do not use iframe, it&#39;s insecure&quot;, &quot;Iframe allows iframe injection and phishing attack&quot;, ...<br>
<br>I want to put this topic in perspective. <br>In the web 2.0 world it&#39;s probably more secure to integrate widget in iframe than in the master page itself (at DOM level).<br><br>In a outsourced web application integration project (partner1 will integrate his application into partner2 &#39;s portal), i think also that it is more<br>
secure to use Iframe (especially if partner1 has his own policy and security guidelines).<br><br>So, IFrame are not always insecure! It could be sometimes the best choice to secure your web application and limit your application attack surface area...<br>
<br>Comments are welcome<br><br><br></div>

------=_Part_17653_31757523.1219994192744--

Follow-Ups:
- Re: [WEB SECURITY] iFrame secure or not
  - From: bugtraq

Prev by Date: [WEB SECURITY] Binary search engines
Next by Date: Re: [WEB SECURITY] Binary search engines
Previous by thread: [WEB SECURITY] Binary search engines
Next by thread: Re: [WEB SECURITY] iFrame secure or not
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site