Hi again,
Just wanted to summarize some attack vectors that we want to make sure
that we fend off:
The general rule of thumb is "Don't introduce new attack vectors". All
below points are derived from that general rule.
1. Should not introduce attack vectors to servers protected only by being
behind firewalls. Some servers authenticate solely by relying on the
fact that the user can connect to the server at all.
While anyone can issue an arbitrarily formatted request to a server on
the internet, this is not true for servers on intranets behind
firewalls. The only requests that can be issued to such servers today
are ones that browsers send out. This includes GET requests (from a
multitude of features in HTML) and POST requests from HTML <form>s.
Requests not allowed by these features could introduce new attack vectors.
2. It should not be possible to issue POST requests containing XML data to
arbitrary servers. This is because there are a number of SOAP servers
deployed that communicate using XML sent over POST requests and could
perform potentially dangerous actions.
3. Should try to prevent dictionary-based distributed brute-force attacks
that try to get login accounts on 3rd party servers, to the extent possible.
4. Should not fail to properly enforce security policy in the face of
commonly deployed proxy servers sitting between the UA and any of the
servers the UA is communicating with.
5. Should not allow loading of XML resources from 3rd party servers without
explicit consent of these servers, as such resources can contain
sensitive information.
This restriction should not just apply to XML resources, but to any other
type of resource that can contain sensitive information.
I'm sure there are more, so feel free to add to this list.
/ Jonas
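As an added illustration of points 1, 2 and 5 above (not code from the mail or from any browser), here is a small model of the rule "don't introduce new attack vectors": a cross-site request that an HTML page could already send without script (GET, or a form-typed POST) may go out, anything else must first ask the server, and the response is only exposed if the server opts in. The header names are an assumption borrowed from the later CORS design; the origins and requests in the test are constructed.

```javascript
// Content types an HTML <form> can already submit. A POST with one of these
// adds nothing new; an XML body (text/xml, application/soap+xml, ...) does.
const FORM_TYPES = [
  'application/x-www-form-urlencoded',
  'multipart/form-data',
  'text/plain',
];

// Points 1 and 2: is this request one a browser could already send today
// without any script, i.e. to a firewalled intranet or SOAP server?
function isAlreadyPossible(method, reqHeaders) {
  const m = method.toUpperCase();
  if (m === 'GET' || m === 'HEAD') return true;
  if (m !== 'POST') return false;
  const raw = reqHeaders['content-type'] || '';
  const ct = raw.split(';')[0].trim().toLowerCase();
  return FORM_TYPES.includes(ct);
}

// Point 5: the third-party server must explicitly consent before its
// response body is exposed to the requesting origin. "*" consents for
// everyone; otherwise the origin must match exactly (no substring matching).
function serverConsents(origin, resHeaders) {
  const allow = resHeaders['access-control-allow-origin'];
  if (!allow) return false;
  return allow === '*' || allow === origin;
}

// What the user agent does with a cross-site request from `origin`:
//   'preflight' - not sendable blind; the server must be asked first
//   'expose'    - request went out and the server consented to the read
//   'opaque'    - request went out (it was already possible) but the
//                 caller gets nothing back, as before
function decide(origin, method, reqHeaders, resHeaders) {
  if (!isAlreadyPossible(method, reqHeaders)) return 'preflight';
  return serverConsents(origin, resHeaders) ? 'expose' : 'opaque';
}
```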