Confused deputy problem

From Wiki @ Karl Jones dot com
Jump to: navigation, search

A confused deputy is a computer program that is innocently fooled by some other party into misusing its authority.

Description

It is a specific type of privilege escalation.

In information security, the confused deputy problem is often cited as an example of why capability-based security is important, as capability systems protect against this whereas access control list-based systems do not.

See also

External links