cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
- From: Stefan Winter <stefan.winter AT restena.lu>
- To: "cat-users AT geant.net" <cat-users AT geant.net>
- Subject: [cat-users] Hardening of web server - <frame> difficulties?
- Date: Mon, 19 Oct 2015 11:39:51 +0200
- List-archive: <https://mail.geant.net/mailman/private/cat-users/>
- List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>
- Openpgp: id=AD3091F3AB24E05F4F722C03C0DE6A358A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Hello,
we have received a request from our hosting admins to increase hardening
against so-called clickjacking attacks.
There is an easy-to-set server setting in Apache which sets
X-Frame-Options to SAMEORIGIN.
This will stop clickjacking by basically not allowing the CAT website to
be rendered inside a <frame> or <iframe>.
I'm worried that this may have unwanted side-effects though,
particularly if a university admin puts CAT inside a <frame> on their
onboarding SSID.
Do people out there put our CAT website into a <frame> or <iframe>?
Please reply to this message if you do, so we can gauge if the benefits
outweigh the hassle...
Also reply with any other thoughts on the topic of course :-)
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
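The side effect raised in the message above, as an added example that is not part of the original post or of the CAT code base: a small model of the decision a browser makes when a page carrying X-Frame-Options is loaded inside a frame. The hostnames and the function names are constructed for illustration, and the model assumes the browser compares the framed page against every enclosing document, as current browsers do.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return the (scheme, host, port) origin tuple of a URL."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return (scheme, (parts.hostname or "").lower(),
            parts.port or DEFAULT_PORTS.get(scheme))

def may_render_in_frame(page_url, ancestor_urls, x_frame_options):
    """Model the X-Frame-Options decision for a (possibly framed) page.

    ancestor_urls: URLs of every enclosing document, innermost first.
    x_frame_options: header value sent with page_url, or None if absent.
    """
    if not ancestor_urls:  # top-level navigation is never blocked
        return True
    policy = (x_frame_options or "").strip().upper()
    if policy == "DENY":
        return False
    if policy == "SAMEORIGIN":
        return all(origin(a) == origin(page_url) for a in ancestor_urls)
    return True  # header absent or unrecognised: modelled as no restriction

# Constructed hostnames, not taken from the original message.
CAT = "https://cat.example.org/"
PORTAL = "https://onboarding.university.example/welcome"
UNTRUSTED = "https://lookalike.example.net/"

SCENARIOS = {
    "direct visit": (CAT, []),
    "CAT framing its own page": (CAT + "download", [CAT]),
    "university onboarding portal": (CAT, [PORTAL]),
    "third-party framing page": (CAT, [UNTRUSTED]),
    "portal frame nested under CAT": (CAT, [PORTAL, CAT]),
}

def evaluate(header):
    """Map each scenario name to True (rendered) or False (blocked)."""
    return {name: may_render_in_frame(page, ancestors, header)
            for name, (page, ancestors) in SCENARIOS.items()}

if __name__ == "__main__":
    for header in (None, "SAMEORIGIN"):
        print("X-Frame-Options:", header)
        for name, ok in evaluate(header).items():
            print(f"  {name:32} {'rendered' if ok else 'blocked'}")
```

With SAMEORIGIN the onboarding portal is blocked exactly like the third-party page, because the header cannot distinguish a friendly cross-origin parent from a hostile one.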