
Anatomy of a Subtle JSON Vulnerability (2008) - mck-
http://haacked.com/archive/2008/11/20/anatomy-of-a-subtle-json-vulnerability.aspx/
======
rk17
How about simply adding an additional certificate - e.g. a random string of
specified length - held by your webapp in a closure? And then configure your
server to only respond to requests that have the "secure" httpOnly cookies and
the certificate included using the POST method. The certificate was originally
sent by the server using the https protocol during document load, is stored in
a closure, and can be dynamically updated asynchronously over an https connection.

This limits all requests to Ajax requests, since inclusion of this additional
certificate is needed from JavaScript memory, but it does side-step the
problem.

PS: I know this is a dated article, I'm just curious what you guys think of
this workaround. I think it's more secure and flexible than the workarounds
suggested in the article, since this does allow you to use the array notation.

