[Tickets #4492] NEW: CSRF protection with form tokens
bugs@bugs.horde.org
Thu Oct 5 05:22:40 PDT 2006
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=4492
-----------------------------------------------------------------------
Ticket | 4492
Created By | Jan Schneider <jan at horde.org>
Summary | CSRF protection with form tokens
Queue | Horde Framework Packages
Version | HEAD
Type | Enhancement
State | Accepted
Priority | 2. Medium
Owners |
-----------------------------------------------------------------------
Jan Schneider <jan at horde.org> (2006-10-05 05:22) wrote:
Add CSRF protection to Horde_Form using Horde_Token: we should not only
check for tokens submitted twice to protect against duplicate submissions,
but also check if a token is submitted at all to protect against POST
attacks with forms not created by ourselves.
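
An added illustration of the two checks the ticket asks for (this is not part of the ticket and is not Horde code): a submission with no token is rejected as not coming from a form we rendered, and a token seen a second time is rejected as a duplicate. The class FormTokens, its methods, the form name and the secret are hypothetical and do not mirror the Horde_Token API; the array stands in for per-session storage.

```php
<?php
// Hypothetical sketch: FormTokens is NOT Horde_Token and mirrors none of its API.
final class FormTokens
{
    /** @var array<string,int> issued token => expiry time (stands in for per-session storage) */
    private array $issued = [];

    public function __construct(private string $secret, private int $ttl = 1800) {}

    /** Create a token to embed as a hidden field when we render the form. */
    public function issue(string $formName): string
    {
        $nonce = bin2hex(random_bytes(16));
        $token = $nonce . '.' . hash_hmac('sha256', $formName . '|' . $nonce, $this->secret);
        $this->issued[$token] = time() + $this->ttl;
        return $token;
    }

    /** Returns 'ok', 'missing', 'forged', 'replayed' or 'expired'. */
    public function check(string $formName, ?string $token): string
    {
        if ($token === null || $token === '') {
            return 'missing';          // no token at all: the form was not created by us
        }
        [$nonce, $mac] = array_pad(explode('.', $token, 2), 2, '');
        $expected = hash_hmac('sha256', $formName . '|' . $nonce, $this->secret);
        if (!hash_equals($expected, $mac)) {
            return 'forged';           // token was not produced with our secret for this form
        }
        if (!isset($this->issued[$token])) {
            return 'replayed';         // genuine token, but not (or no longer) pending here
        }
        $expiry = $this->issued[$token];
        unset($this->issued[$token]);  // single use: a second submission will not find it
        return $expiry >= time() ? 'ok' : 'expired';
    }
}

// Constructed demo input: no token, a made-up token, a real token, the same token again.
$tokens = new FormTokens('constructed-demo-secret');
$t = $tokens->issue('ticket_edit');
foreach ([null, 'abc.def', $t, $t] as $submitted) {
    echo $tokens->check('ticket_edit', $submitted), "\n";
}
```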