Hi, > A smart security person pointed me to the "RequestPolicy" firefox > extension. I've had it on my todo list for a month but haven't found > time to look at it. Anybody here want to take a look, give it a spin, > decide if it solves an important problem, figure out how well it > coexists with Noscript and Torbutton, etc?
I have RP installed beside NoScript, but without Torbutton. It coexists very well with NoScript, you can allow/disallow all requests to external "base domains", "full domains" and "full addresses", but Scripts etc. from such domains and adresses are only allowed/disallowed with the additional actions & functions from NoScript. The author says, that he sees RP as an addition to NoScript. The context menu / handling is like NoScript or FoxyProxy. No blacklists so far and the whitelists are static - you cannot edit the entries or use wildcards /RegEx (requested and added to his list of planned features). Perhaps RP's functions could or will be incorporated in things like NoScript, Torbutton...don't know. I have written a short German-language review in <http://blog.kairaven.de/archives/1791-RequestPolicy-gegen-CSRF-fuer-Mozilla-Browser.html> but you can follow <http://ha.ckers.org/blog/20090117/request-policy-firefox-extention/> too ;) -- Ciao Kai http://kairaven.de/ Mail per I2P: http://www.i2p2.de/

