[Esapi-user] [Esapi-dev] Why ESAPI crypto uses a custom serialization scheme
jim.manico at owasp.org
Sat May 1 18:23:41 EDT 2010
I call crypto-bs here. Compromise of a client always always leads to
data loss for that user. As soon as a keylogger, malicious browser
plugin or other client compromise is in effect - it's game over for
that user - and potentially all other users that the victim has
administrative access over.
What am I missing here Kevin?
On May 1, 2010, at 10:22 AM, "Kevin W. Wall" <kevin.w.wall at gmail.com>