Difference between revisions of "Confused deputy problem"

From Wiki @ Karl Jones dot com
Jump to: navigation, search
(Created page with "A '''confused deputy''' is a computer program that is innocently fooled by some other party into misusing its authority. == Description == It is a specific type of privi...")
 
(See also)
 
Line 10: Line 10:
  
 
* [[Ambient authority]]
 
* [[Ambient authority]]
 +
* [[Cross-site request forgery]]
 
* [[Information security]]
 
* [[Information security]]
  

Latest revision as of 09:50, 8 November 2016

A confused deputy is a computer program that is innocently fooled by some other party into misusing its authority.

Description

It is a specific type of privilege escalation.

In information security, the confused deputy problem is often cited as an example of why capability-based security is important, as capability systems protect against this whereas access control list-based systems do not.

See also

External links