openid / connect / issues / #874 - Standard 6 - Frame Busting — Bitbucket

Issue #874 resolved

Nat Sakimura created an issue 2013-09-18

We mention Frame Busting. We probably should call out X-Frame Header as well.

Comments (5)

Michael Jones
- changed milestone to Final
- changed component to Standard
- assigned issue to
  
  Nat Sakimura
Nat to propose concrete text
- 2013-09-23T23:52:58+00:00
Nat Sakimura reporter
In section 6 of the Standard, the last para states:

Clients SHOULD employ frame busting and other techniques to prevent End-Users from being logged in by third party sites without their knowledge.

It should be changed to

Clients SHOULD employ frame busting and other techniques to prevent End-Users from being logged in by third party sites without their knowledge through such attacks as clickjacking. Refer to 4.4.1.9 of RFC6819 for more details.
- 2013-10-03T00:22:25+00:00
Nat Sakimura reporter
- changed title to Standard 6 - Frame Busting
- 2013-10-03T00:23:22+00:00
Nat Sakimura reporter
- changed status to open
Added the proposed text.
- 2013-10-03T00:23:44+00:00
Michael Jones
- changed status to resolved
Fixed ~~#874~~ - Said more about frame busting

→ <<cset 926cea48d5ba>>
- 2013-10-13T22:36:57+00:00
Log in to comment

Assignee: Nat Sakimura

Type: bug

Priority: minor

Status: resolved

Component: Standard

Milestone: Final

Version: –

Votes: 0

Watchers: 0

Jira: the preferred issue tracker for Bitbucket. Join the team!