In principle, returning the right header "X-Frame-Options: Deny" should be enough.
See
https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
Unless we think it breaks things :)
On 14 November 2014 21:57, Dotclear (contact) <contact(a)dotclear.net> wrote:
We'll have to look into this when we get the chance.
---------- Forwarded message ----------
From: Narendra Bhati <bhati.contact(a)gmail.com>
Date: 2014-11-14 16:54 GMT+01:00
Subject: Click Jacking Vulnerability
To: contact(a)dotclear.net
Respected Authorities,
While looking in your CMS I found that it's vulnerable to a clickjacking
attack.
See here for more info on clickjacking -
https://www.owasp.org/index.php/Clickjacking
--
*Narendra Bhati "CEH"* (Facebook <http://www.facebook.com/narendradewsoft>, Twitter <http://www.twitter.com/NarendraBhatiB>, LinkedIn <https://www.linkedin.com/profile/view?id=115146074>, Personal Blog <http://hacktivity.websecgeeks.com>)
*Security Analyst - IT Risk & Security Management Services*
Suma Soft Pvt. Ltd. | Suma Center | Near Mangeshkar Hospital | Erandawane
Pune: 411004 | +919923397301
--
Dotclear Team
--
Dev mailing list - Dev(a)list.dotclear.org -
http://ml.dotclear.org/listinfo/dev
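
One way to check that a response really carries the anti-framing header discussed at the top of this thread, including the case where two layers set it differently. This is an added example, not code from Dotclear or from the messages above; the function names and verdict labels are assumptions, and the sample headers are constructed.

```python
def _frame_ancestors(csp_values):
    """Return the frame-ancestors source list of the first enforced policy
    that has one, or None. (Simplification: with several policies, browsers
    enforce all of them; this audit only reports the first.)"""
    for policy in csp_values:
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                return [p.lower() for p in parts[1:]]
    return None


def framing_policy(headers):
    """Classify anti-framing protection from (name, value) header pairs."""
    by_name = {}
    for name, value in headers:
        by_name.setdefault(name.strip().lower(), []).append(value)

    # Where supported, CSP frame-ancestors takes precedence over X-Frame-Options.
    sources = _frame_ancestors(by_name.get("content-security-policy", []))
    if sources is not None:
        if not sources or sources == ["'none'"]:
            return "deny"
        return "sameorigin" if sources == ["'self'"] else "allowlist"

    xfo = {v.strip().lower()
           for raw in by_name.get("x-frame-options", [])
           for v in raw.split(",") if v.strip()}
    if not xfo:
        return "unprotected"
    if len(xfo) > 1:
        return "conflict"  # e.g. application and web server both set the header
    value = xfo.pop()
    # ALLOW-FROM is obsolete and unknown values are ignored by current browsers.
    return value if value in ("deny", "sameorigin") else "unprotected"


# Constructed sample responses (not captured from a real Dotclear install).
SAMPLES = {
    "header from the thread": [("X-Frame-Options", "Deny")],
    "no header": [("Content-Type", "text/html")],
    "two layers disagree": [("X-Frame-Options", "DENY"),
                            ("x-frame-options", "SAMEORIGIN")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label}: {framing_policy(hdrs)}")
```

A "sameorigin" verdict is the setting to compare against "deny" when deciding whether the stricter value would break pages that frame their own content.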