Difference between revisions of "Confused deputy problem"
From Wiki @ Karl Jones dot com
Karl Jones (Talk | contribs) (Created page with "A '''confused deputy''' is a computer program that is innocently fooled by some other party into misusing its authority. == Description == It is a specific type of privi...") |
Karl Jones (Talk | contribs) (→See also) |
||
Line 10: | Line 10: | ||
* [[Ambient authority]] | * [[Ambient authority]] | ||
+ | * [[Cross-site request forgery]] | ||
* [[Information security]] | * [[Information security]] | ||
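Review bot: the added See also entry for Cross-site request forgery is the only mention of CSRF on the page, and the Description does not say how it relates to the confused deputy problem. Consider adding a sentence to the Description that explains the connection, so the link is not left unexplained.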
Latest revision as of 09:50, 8 November 2016
A confused deputy is a computer program that is innocently fooled by some other party into misusing its authority.
Description
It is a specific type of privilege escalation.
In information security, the confused deputy problem is often cited as an example of why capability-based security is important, as capability systems protect against this whereas access control list-based systems do not.
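The contrast above, as an added example that is not part of the original wiki page: a small Python model of a compiler service (the deputy) that writes its output to a path chosen by the caller. The principals, file names and function names are constructed for illustration, and Python objects only model capabilities; they do not enforce unforgeability.

```python
# Constructed in-memory model; all names and paths here are hypothetical.
FILES = {"billing.log": "invoice data", "alice/out.txt": ""}
ACL = {  # path -> principals allowed to write it
    "billing.log": {"compiler"},
    "alice/out.txt": {"alice", "compiler"},
}

def check(principal, path):
    if principal not in ACL.get(path, set()):
        raise PermissionError(f"{principal} may not write {path}")

def acl_compile(caller, source, out_path):
    """ACL deputy: the write is checked against the deputy's identity,
    so the caller's lack of rights on out_path is never consulted."""
    check("compiler", out_path)
    FILES[out_path] = f"compiled({source})"

class WriteCap:
    """Capability: one reference that both names a file and carries the
    right to write it (modelled here, not enforced by the language)."""
    def __init__(self, path):
        self._path = path
    def write(self, data):
        FILES[self._path] = data

def open_for_write(principal, path):
    """Capabilities are minted with the requester's own authority."""
    check(principal, path)
    return WriteCap(path)

def cap_compile(source, out_cap):
    """Capability deputy: writes only through what the caller handed over."""
    out_cap.write(f"compiled({source})")

def demo():
    results = {}
    acl_compile("alice", "main.c", "billing.log")   # alice cannot write this
    results["acl_clobbered"] = FILES["billing.log"] == "compiled(main.c)"
    FILES["billing.log"] = "invoice data"           # reset the model
    try:
        cap_compile("main.c", open_for_write("alice", "billing.log"))
        results["cap_refused"] = False
    except PermissionError:
        results["cap_refused"] = True
    cap_compile("main.c", open_for_write("alice", "alice/out.txt"))
    results["billing_intact"] = FILES["billing.log"] == "invoice data"
    results["legit_output"] = FILES["alice/out.txt"]
    return results
```

In the ACL version the only question asked is whether the deputy may write the file, so the caller borrows the deputy's authority; in the capability version the caller must already hold the right it passes in, so there is nothing to borrow.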
See also
External links
- Confused deputy problem @ Wikipedia