Đang chuẩn bị liên kết để tải về tài liệu:
Do Strong Web Passwords Accomplish Anything?

Không đóng trình duyệt đến khi xuất hiện nút TẢI XUỐNG Tải xuống

Web applications must consider the possibility of mali- cious attackers that craft arbitrary messages, and counter this threat through server-side mechanisms. However, to date, Web application development has focused only on methodologies and tools for server-side security enforcement (for instance, see [11, 13]). At most, non-malicious Web clients have been assumed to enforce a rudimentary “same origin” security policy [22]. Web clients are not even informed of simple Web appli- cation invariants, such as “no scripts in the email mes- sage portion of a page”, since clients are not trusted to enforce security policies. This focus on centralized server-side security mecha- nisms is shortsighted: server-side enforcement has diffi- culties constraining even simple client behavior