Confused deputy problem

From Wiki @ Karl Jones dot com
Revision as of 09:50, 8 November 2016 by Karl Jones (Talk | contribs) (See also)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

A confused deputy is a computer program that is innocently fooled by some other party into misusing its authority.

Description

It is a specific type of privilege escalation.

In information security, the confused deputy problem is often cited as an example of why capability-based security is important, as capability systems protect against this whereas access control list-based systems do not.

See also

External links