The ACL model is unable to make correct access
decisions for interactions involving more than two
principals, since required information is not retained
across message sends. Though this deficiency has long
been documented in the published literature, it is
not widely understood. This logic error in the ACL
model is exploited by both the clickjacking and Cross-
Site Request Forgery attacks that affect many Web
applications.
%0 Journal Article
%1 noauthororeditor
%A Close, Tyler
%D 2009
%K capability_security cross_site_request_forgery cross_site_scripting
%T ACLs don't
%U http://waterken.sourceforge.net/aclsdont/current.pdf
%X The ACL model is unable to make correct access
decisions for interactions involving more than two
principals, since required information is not retained
across message sends. Though this deficiency has long
been documented in the published literature, it is
not widely understood. This logic error in the ACL
model is exploited by both the clickjacking and Cross-
Site Request Forgery attacks that affect many Web
applications.
@article{noauthororeditor,
abstract = {The ACL model is unable to make correct access
decisions for interactions involving more than two
principals, since required information is not retained
across message sends. Though this deficiency has long
been documented in the published literature, it is
not widely understood. This logic error in the ACL
model is exploited by both the clickjacking and Cross-
Site Request Forgery attacks that affect many Web
applications.},
added-at = {2020-09-16T14:57:41.000+0200},
author = {Close, Tyler},
biburl = {https://www.bibsonomy.org/bibtex/275c9033a6ffe75cce2053071089e280c/ccx},
interhash = {75cdbbd024cbbc8887103d692afa1987},
intrahash = {75c9033a6ffe75cce2053071089e280c},
keywords = {capability_security cross_site_request_forgery cross_site_scripting},
timestamp = {2020-09-16T14:57:41.000+0200},
title = {ACLs don't},
url = {http://waterken.sourceforge.net/aclsdont/current.pdf},
year = 2009
}