S4 E38 Security wtih LVH (part 4)
ClojureStream Podcast
00:00
Scripting Security
There might be some mitigations. If you're posting user stored, user generatig contents, especially when you're mixing across users a, itwould be a good idea to put that on a separ domain. The big difference is, after i get crossihd scripting, right after i get code execution with in the application, then cani steal the cooki yes. Or cani say the credential, yes. Now, there are practical advantages to its being available from jobescript and not being set as a cookie in partuar no. It's easier to make a requests to different points, for example, riht,. Because we have the cookies s, it
Transcript
Play full episode
