[aosd-discuss] Dataflow Pointcut
dm_alhad at alcor.concordia.ca
dm_alhad at alcor.concordia.ca
Mon Feb 18 12:53:18 EST 2008
Hi ,
I want to ask about the importance of the dataflow pointcut. It was
defined as a way to detect cross-site scripting attack in web
applications.
In the paper
"Dataflow Pointcut in Aspect-Oriented Programming", they can detect such
attack using this pointcut.
My question is why they don't search for just the call for the method
getParameter using the call pointcut and filter the input for malicious
code without the use of the dataflow pointcut.
Thanks
Dima
More information about the discuss
mailing list