Paper Reading Questions
For each paper, your assignment is two-fold. By 10PM the evening before lecture:
- Submit your answer for each lecture's paper question via the submission web site in a file named lecn.txt, and
- Submit your own question about the paper (e.g., what you find most confusing about the paper or the paper's general context/problem) in a file named sqn.txt. You cannot use the question below. To the extent possible, during lecture we will try to answer questions submitted the evening before.
Once you submit your own question and answer (or after the deadline has passed), you can view the questions and answers that other students submitted.
Lecture 14
Suppose that a web application developer wants to avoid the security
pitfalls described in the ForceHTTPS paper. The developer uses HTTPS
for the application's entire site, and marks all of the application's
cookies as "Secure". If the developer makes no mistakes in doing so,
are there still reasons to use ForceHTTPS? Explain why not, or provide
examples of specific attacks that ForceHTTPS would prevent.