What are the security concerns to keep in mind when using themes?
Themes can cause security issues when they are used on your Web site. Malicious themes can be used to:
1. Alter a control's behavior so that it does not behave as expected.
2. Inject client-side script, therefore posing a cross-site scripting risk.
3. Expose sensitive information.

The mitigations for these common threats are:
1. Protect the global and application theme directories with proper access control settings. Only trusted users should be allowed to write files to the theme directories.
2. Do not use themes from an untrusted source. Always examine any themes from outside your organization for malicious code before using them on your Web site.
3. Do not expose the theme name in query data. Malicious users could use this information to apply themes that are unknown to the developer and thereby expose sensitive information.
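The last mitigation, shown as an added example that is not code from the original page: an ASP.NET Web Forms code-behind that never reads the theme name from the query string and instead resolves a server-side preference against a fixed allowlist. The class name `ThemedPage`, the session key `ThemePreference` and the theme names are assumptions made for illustration, and the page is assumed to use the default `AutoEventWireup="true"`.

```csharp
using System;
using System.Collections.Generic;
using System.Web.UI;

public partial class ThemedPage : Page
{
    // Assumption: these are the only themes the developer has reviewed
    // and deployed under App_Themes. Anything else is rejected.
    private static readonly HashSet<string> AllowedThemes =
        new HashSet<string>(StringComparer.Ordinal)
        {
            "Default",
            "HighContrast"
        };

    private const string FallbackTheme = "Default";

    // Weak pattern the text warns about, kept only as a comment for contrast:
    //     Page.Theme = Request.QueryString["theme"];
    // It lets the requester pick any theme present on the server,
    // including ones the developer never intended to expose.

    protected void Page_PreInit(object sender, EventArgs e)
    {
        // A theme can only be assigned during PreInit or earlier.
        // The preference comes from server-side state (hypothetical session
        // key), not from the URL, and is still validated before use.
        string stored = Session["ThemePreference"] as string;
        Page.Theme = ResolveTheme(stored);
    }

    // Returns the requested theme only if it is on the allowlist;
    // null, empty or unknown names fall back to the default theme.
    internal static string ResolveTheme(string requested)
    {
        if (!string.IsNullOrEmpty(requested) && AllowedThemes.Contains(requested))
        {
            return requested;
        }
        return FallbackTheme;
    }
}
```

The same `ResolveTheme` check applies wherever the preference is first stored, so an unreviewed theme name never reaches `Page.Theme`.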