Hi, Chris,
Wow, that sounds like a pretty sophisticated attack. I would tend to
think it would be much easier to trick the sysadmin with the root pw
into granting sudo rights that let you into the database itself... how
much prevention is really necessary?
I do see the need for good CSRF protecti

Hi all:
Secunia has listed the XSRF issues (which are systematic in the legacy
codebase) as "partially fixed." I want to take a moment to explain what
their concern is, what mitigating measures can be taken in production
versions, and what the risks are. I will also explain what we are doing in