๐Ÿ”— Confused Deputy Problem

๐Ÿ”— Computing ๐Ÿ”— Computer Security ๐Ÿ”— Computer Security/Computing ๐Ÿ”— Computing/Software

In information security, a confused deputy is a computer program that is tricked by another program (with fewer privileges or less rights) into misusing its authority on the system. It is a specific type of privilege escalation. The confused deputy problem is often cited as an example of why capability-based security is important.

Capability systems protect against the confused deputy problem, whereas access-control listโ€“based systems do not.

Discussed on