Specifications
Print Controller Design Guide for Information Security:
Protection Against URL Buffer Overflows
• URL buffer overflow attacks occur when intentionally oversized URL strings are sent to a Web
server with the intent of overflowing the buffer’s storage capacity, causing the server to shut down.
WebImageMonitor prevents such trouble by limiting the length of the URL strings it will accept,
rejecting any requests that exceed this limit.
• In addition, authentication is performed before any settings can be changed, ensuring that
malicious data cannot be introduced via illegal access.
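The length check described above, as an added example that is not Ricoh's code or part of the original guide: a request-line parser in C that measures the URL before copying it into a fixed buffer and rejects anything over the limit. The function name, the status codes and the 255-byte MAX_URL_LEN are assumptions; the guide does not state WebImageMonitor's actual limit.

```c
#include <stddef.h>
#include <string.h>

#define MAX_URL_LEN 255   /* assumed limit; the guide does not give the real value */

enum parse_status {
    PARSE_OK = 200,
    PARSE_BAD_REQUEST = 400,
    PARSE_URI_TOO_LONG = 414
};

/* Hypothetical helper: extracts the URL from an HTTP request line such as
 * "GET /path HTTP/1.1" into url_out, which must hold MAX_URL_LEN + 1 bytes.
 * The length is checked before any byte is copied, so an oversized URL is
 * rejected instead of being written past the end of the buffer. */
enum parse_status parse_request_url(const char *line, size_t line_len,
                                    char url_out[MAX_URL_LEN + 1])
{
    const char *end = line + line_len;

    /* The method ends at the first space. */
    const char *sp1 = memchr(line, ' ', line_len);
    if (sp1 == NULL || sp1 == line)
        return PARSE_BAD_REQUEST;

    /* The URL runs from just after that space to the next space. */
    const char *url = sp1 + 1;
    const char *sp2 = memchr(url, ' ', (size_t)(end - url));
    if (sp2 == NULL || sp2 == url)
        return PARSE_BAD_REQUEST;

    size_t url_len = (size_t)(sp2 - url);
    if (url_len > MAX_URL_LEN)
        return PARSE_URI_TOO_LONG;   /* reject the request; nothing is copied */

    /* An embedded NUL would make later string handling see a shorter URL. */
    if (memchr(url, '\0', url_len) != NULL)
        return PARSE_BAD_REQUEST;

    memcpy(url_out, url, url_len);
    url_out[url_len] = '\0';
    return PARSE_OK;
}
```

The caller passes the number of bytes actually received as line_len, so the check does not depend on the request being NUL-terminated.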
Protection Against Session Hijacks
• A “session hijack” is an attack in which the session ID stored in a cookie is obtained in order to
illegally access or otherwise use a session for malicious purposes.
• WebImageMonitor employs the following countermeasures to minimize the threat of session
hijacks:
  - The session ID is randomized, which makes it very difficult for third parties to surmise its value
  - Communication is protected by SSL, preventing theft of any data or messages exchanged
  - The above-mentioned countermeasures for cross-site scripting prevent cookies from being
    illegally accessed
• In addition, there are also security measures to minimize any potential threat to the MFP/LP in the
unlikely event the session ID were somehow stolen:
  - The session ID is given an expiration date
  - The session ID contains no information whatsoever that could be linked to individual user data
    stored in the MFP/LP
Protection Against the Setting of Illegal URLs
• The optional URL setting in WebImageMonitor can only be changed by users authenticated as
Network Administrators.