On Tue, 07 Sep 2010 14:45:49 +0200
Pavel Zuna <pz...@redhat.com> wrote:
> Enough text. Waiting for comments. :)
I have one question.
Have you made any consideration wrt security?
For example you say that you can push a complete state in a URL so that
you can bookmark it.
How does this cope with authentication?
Is there any way to validate the state is legit server side, or does it
mean we make it an easy target for XSS exploits?
Last thing I want to see is an admin clicking a link and finding out
that link actually granted some permission to the malicious user that
sent him a carefully crafted email ...
Simo Sorce * Red Hat, Inc * New York
Freeipa-devel mailing list