| Publisher | International World Wide Web Conference Committee | ||
|---|---|---|---|
| Format | 180.5KB PDF | Date added | 12 May 2006 |
| Topics | Java, Security Management, Application Development | ||
| Downloads | 3 | ||

The paper discusses how the time web sites take to respond to HTTP requests can leak private information, using two different types of attacks. The first, direct timing, directly measures response times from a web site to expose private information such as the validity of a username at a secured site or the number of private photos in a publicly viewable gallery. The second, cross-site timing, enables a malicious web site to obtain information from the user's perspective at another site. The paper explains in detail how and why these attacks work, and discusses methods for writing web application code that resists these attacks.

