On Friday 08 June 2012 16:42 Frank Karlitschek wrote:
> Hi everybody,
>
> we have to do something in ownCloud against the CSRF threat. We have some
> protection in some areas already but I think we need a general solution
> here. We have to check if a GET request, form POST or Ajax request really
> comes from the user and ownCloud itself or if it was triggered by an evil
> JS script or Flash applet from a remote site.
> Opinions? Does this make sense?

It sounds like a straightforward way to do it. Labor intensive to implement
to start with but easy to remember once you're used to it.

> And does someone volunteer to help me to implement all this? :-)

Could we compile a list of all (core) apps and other parts that need going
through? I'll surely take Contacts, but just write me up for some other stuff
as well.

--
Med venlig hilsen / Best Regards

Thomas Tanghus
