
Article:
 Putting RSS to Work: Immediate Action Feeds
Subject: malicious actions
Date: 2005-12-14 21:00:30
From: mwoodman
Response to: malicious actions

Great question. It is absolutely possible. If a feed can be hijacked, then anything within can be corrupted... whether or not it contains immediate action items.


There are a number of anti-hijack efforts going on, so the ultimate solution for the problem neither begins nor ends here. That being said, it is important to be very careful about providing action items which alter application state without some form of authentication. This boils down to either authenticating after the click (like eBay's "Watch this Item") or before the click with a secured, authenticated feed.


Another potential safeguard is the use of a one-time security token as part of the action item. This article, "Generating One-Time URLs with PHP", describes one approach: http://www.onlamp.com/pub/a/php/2002/12/05/one_time_URLs.html
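
The one-time token safeguard mentioned in the post above, sketched in Python as an added example that is not part of the original post or of the linked article. The endpoint URL, the in-memory store, the one-day lifetime and the function names are assumptions made for illustration.

```python
import hashlib
import secrets
import time
from urllib.parse import urlencode, urlparse, parse_qs

TOKEN_TTL = 24 * 3600                  # assumed lifetime: one day
BASE_URL = "https://example.com/act"   # placeholder action endpoint
_store = {}   # sha256(token) -> (user, action, item_id, expires); stands in for a database


def _digest(token):
    # Keep only a hash server-side so a leaked table does not yield usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_action_url(user, action, item_id, now=None):
    """Mint a single-use link for one action on one item in one user's feed."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    _store[_digest(token)] = (user, action, str(item_id), now + TOKEN_TTL)
    return BASE_URL + "?" + urlencode({"action": action, "item": item_id, "t": token})


def redeem(url, now=None):
    """Return the user the link was issued to, or None if it must be refused."""
    now = time.time() if now is None else now
    query = parse_qs(urlparse(url).query)
    try:
        action, item_id, token = query["action"][0], query["item"][0], query["t"][0]
    except KeyError:
        return None
    # pop() makes the token single-use: a replayed link finds nothing,
    # and a link presented with altered parameters is burned as well.
    record = _store.pop(_digest(token), None)
    if record is None:
        return None
    user, bound_action, bound_item, expires = record
    # The token is valid only for the exact action and item it was minted for.
    if (action, item_id) != (bound_action, bound_item) or now > expires:
        return None
    return user
```

Because each link is minted per subscriber, this only works when the feed itself is generated per user, and the feed should still be served over an authenticated or encrypted channel since anyone who reads the feed can use the link once.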

