Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×

Comment Re:Duh (Score 1) 227

Your argument was actually quite valide. The only thing I would add to it, is signing the page. Let me explain:

1. Do all the above steps
2. Hash ( and store ) the output buffer ( PHP ) before flushing it to the browser
3. When preparing the POST to send the auth to the server, have the JS include the hash of the current page

If they do not match: you know code was injected in the page.

Submission + - Facecrime Technology (activistpost.com)

An anonymous reader writes: In late September, there was a modest gathering of law enforcement officers, military personnel, and mental health professionals in the small western New York town of Hamburg. It was totally ignored by the mainstream media, with just a reporter from the Buffalo News on hand to record the proceedings. Lucky for us

Slashdot Top Deals

"It's like deja vu all over again." -- Yogi Berra

Working...