Be able to login to bank

Discussions about the Application Boundaries Enforcer (ABE) module

Re: Be able to login to bank

Postby fatboy » Tue Mar 14, 2017 8:49 pm

In this case, start.me can send requests not only to online.citi.com/US/JRS/portal/index.do
If you think that it is fine, then let it be.
Thank you very much.
fatboy
Junior Member
 
Posts: 28
Joined: Fri Jul 25, 2014 6:56 am

Re: Be able to login to bank

Postby barbaz » Tue Mar 14, 2017 10:20 pm

Ah, now I see what you're saying. Sure, something like this could likely work -
Code:
Site https://online.citi.com/US/JRS/portal/index.do
Accept from https://start.me/* .citi.com
Deny
Site .online.citi.com
Accept from .citi.com
Deny


It does reduce attack surface slightly, but not by that much. Especially since only the https version of start.me is allowed to link the bank site, and you're already trusting start.me not to abuse it.
*Always* check the changelogs BEFORE updating that important software!
Board search is currently partially broken: https://forums.informaction.com/viewtopic.php?f=14&t=21752
Workaround: use your favorite search engine, add site:forums.informaction.com to your query
-
barbaz
Senior Member
 
Posts: 6945
Joined: Sat Aug 03, 2013 5:45 pm

Re: Be able to login to bank

Postby Thrawn » Wed Mar 15, 2017 3:28 am

To allow linking, you could adjust it to:
Code:
Site https://online.citi.com/US/JRS/portal/index.do
Accept from .citi.com
Anon GET from https://start.me/*
Deny
Site .online.citi.com
Accept from .citi.com
Deny
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Thrawn
Senior Member
 
Posts: 3010
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia
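To check what these rulesets actually permit, here is an added example (my own code, not from the thread and not NoScript's parser) that models ABE evaluation under simplified, assumed semantics: the first Site rule matching the destination wins, and within it the first predicate matching the origin (and method) decides. It parses Thrawn's ruleset above so you can evaluate constructed requests from start.me and from citi.com origins against the login URL and other online.citi.com paths.

```python
# Added example (not code from the thread or from NoScript): a small model of ABE evaluation.
# Assumed, simplified semantics: the first "Site" rule matching the destination wins, then
# the first predicate inside it matching the origin (and method) decides.
from fnmatch import fnmatchcase
from urllib.parse import urlparse
def match_site(pattern, url):
    """'.dom' = dom plus subdomains; a bare host; or a full URL with optional '*' glob."""
    host = urlparse(url).hostname or ""
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return fnmatchcase(url, pattern) if "://" in pattern else host == pattern
def parse_rules(text):
    """-> [(site_tokens, [(action, methods, origins), ...]), ...]"""
    rules = []
    for tok in (line.split() for line in text.splitlines() if line.strip()):
        if tok[0] == "Site":
            rules.append((tok[1:], []))
            continue
        # Predicate lines: "Anon GET from https://start.me/*", "Accept from .citi.com", "Deny"
        rest = tok[1:]
        split = rest.index("from") if "from" in rest else len(rest)
        rules[-1][1].append((tok[0], rest[:split], rest[split + 1:]))
    return rules
def evaluate(rules, origin, dest, method="GET"):
    """Return "Accept", "Deny" or "Anon" for a request from origin to dest."""
    for sites, predicates in rules:
        if not any(match_site(s, dest) for s in sites):
            continue
        for action, methods, origins in predicates:
            if methods and method not in methods:
                continue
            if origins and not any(match_site(o, origin) for o in origins):
                continue
            return action
        return "Accept"  # matched a Site rule but no predicate: request is left alone
    return "Accept"  # no Site rule covers this destination
# Thrawn's ruleset from the post above, parsed so requests can be evaluated against it
THRAWN_RULES = parse_rules("""
Site https://online.citi.com/US/JRS/portal/index.do
Accept from .citi.com
Anon GET from https://start.me/*
Deny
Site .online.citi.com
Accept from .citi.com
Deny
""")
```

With this model, a GET from https://start.me/ to the login URL is anonymized, a POST or a plain-http start.me origin is denied, and start.me reaching any other online.citi.com path falls through to the second rule's Deny.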
