[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Fixing CSRF exploits in Infrastructure



On Wed November 26 2008, Toshio Kuratomi wrote:

> To be easy to code, require the token for every request of an
> authenticated user.

If I understand your proposal correctly, a user would need to login again for 
every link he clicks from his bookmarks or any mail he gets from a Fedora 
webapplication, e.g. packagedb. And with every login a previous session is 
invalidated, which also includes links in another open browser tab, where the 
user logged after he clicked the previous link.

Regards,
Till

Attachment: signature.asc
Description: This is a digitally signed message part.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]