[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Fixing CSRF exploits in Infrastructure



Chuck Anderson wrote:
> On Wed, Nov 26, 2008 at 09:47:06AM -0800, Toshio Kuratomi wrote:
>> Pretty much agreed on this analysis.  My one note is that in my usage,
>> at least, I already have to login most of the time when clicking on a
>> link in bugzilla or email due to my session having expired already.
> 
> Stange.  I almost never have to re-login to bugzilla once I've logged 
> in on a particular system.
> 
We're talking about comments added to bugzilla that link to the Fedora
Web Applications (pkgdb, bodhi, etc).

Bugzilla has its own cookies and authentication structure that we won't
be messing with as part of this.

-Toshio

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]