ano kajan Sent from Type Mail
On 9:47PM, May 12, 2015, at 9:47PM, Andrew Davidson <[email protected]> wrote:
>On 2015-05-12 09:37, Reindl Harald wrote:
>>
>> read the wiki article
>>
>> CSRF is not about "verify authentication state", it is about a link
>> from the attacker that leads to triggering an action in a web-application
>> *because you are authenticated* and hence there is a CSRF-token
>
>I wasn't sufficiently clear, I don't intend to scrape the data and embed
>it into another application.
>
>I plan to have the application redirect to RC itself, in the browser.
>The other application will never have access to the results of that page
>and it will not redirect back.
>
>Again, no different than you clicking on this link:
>http://www.amazon.com/s/?tag=duc0c-20&url=search-alias%3Daps&field-keywords=barbecue
>
>Your mail client will have no access to your Amazon account, but the
>search request will still be executed.
>_______________________________________________
>Roundcube Users mailing list
>[email protected]
>http://lists.roundcube.net/mailman/listinfo/users
