On 11/06/2012 11:52, Frank Karlitschek wrote:
On 11.06.2012, at 05:15, Matthew Dawson wrote:
On June 10, 2012 09:44:24 PM Florian Rüchel wrote:
Hi Frank,
I thought about CSRF protection and the general idea already stands. We
should now figure out how we want to have it implemented and then I will
start working on it.
Hi!
I'm not a security specialist, but I recently realized that ownCloud
uses the referer sent by the browser in order to deal with this CSRF
issue. For some browsers this can prevent the user from logging in in some
particular cases (Private Browsing, or with some security-enforcement
addons).
So because everything is being discussed now, and because anyway the
referer can be spoofed, is it really relevant to use it as a way to
secure ownCloud?
Romain.
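The login problem raised in this thread, as an added example that is not part of the original messages and is not ownCloud's code: a Referer-based check rejects a legitimate request whenever the browser omits the header, while a session-bound token check does not depend on it. The function names, the `csrf_token` field, the host `cloud.example.org` and the sample requests are constructed assumptions.

```php
<?php
// Added illustration, not ownCloud code. All names and sample values are constructed.

// Referer-based check: accept only if the Referer header names our own host.
function refererCheck(array $headers, string $ownHost): bool {
    if (empty($headers['Referer'])) {
        // Header stripped (private browsing, privacy add-on): legitimate user is rejected.
        return false;
    }
    $host = parse_url($headers['Referer'], PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $ownHost) === 0;
}

// Synchronizer token: a random value kept in the server-side session and echoed
// back by every state-changing form. It does not rely on the Referer header.
function issueToken(array &$session): string {
    $session['csrf_token'] = bin2hex(random_bytes(32));
    return $session['csrf_token'];
}

function tokenCheck(array $session, array $post): bool {
    if (empty($session['csrf_token'])
        || !isset($post['csrf_token']) || !is_string($post['csrf_token'])) {
        return false;
    }
    // Constant-time comparison of the stored and the submitted token.
    return hash_equals($session['csrf_token'], $post['csrf_token']);
}

$session = [];
$token = issueToken($session);

// Constructed sample requests: [description, request headers, POST fields].
$requests = [
    ['same-site form, Referer sent', ['Referer' => 'https://cloud.example.org/index.php'], ['csrf_token' => $token]],
    ['same-site form, Referer stripped', [], ['csrf_token' => $token]],
    ['cross-site form, no valid token', ['Referer' => 'https://other.example.net/page'], ['csrf_token' => '']],
];

foreach ($requests as [$what, $headers, $post]) {
    printf("%-34s referer=%-6s token=%s\n", $what,
        refererCheck($headers, 'cloud.example.org') ? 'accept' : 'reject',
        tokenCheck($session, $post) ? 'accept' : 'reject');
}
```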