[Tickets #4492] NEW: CSRF protection with form tokens

bugs@bugs.horde.org bugs at bugs.horde.org
Thu Oct 5 05:22:40 PDT 2006


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/?id=4492
-----------------------------------------------------------------------
 Ticket             | 4492
 Created By         | Jan Schneider <jan at horde.org>
 Summary            | CSRF protection with form tokens
 Queue              | Horde Framework Packages
 Version            | HEAD
 Type               | Enhancement
 State              | Accepted
 Priority           | 2. Medium
 Owners             | 
-----------------------------------------------------------------------


Jan Schneider <jan at horde.org> (2006-10-05 05:22) wrote:

Add CSRF protection to Horde_Form using Horde_Token: we should not only
check for tokens submitted twice to protect against duplicate submissions,
but also check if a token is submitted at all to protect against POST
attacks with forms not created by ourselves.
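
An added illustration of the two checks the ticket asks for; it is not part of the ticket and not Horde code. The class `FormTokens` and its method names are hypothetical and do not reflect the Horde_Token or Horde_Form API. Beyond the ticket's text it also binds each token to a session and form name, so a token that is present but was not issued by us is rejected as well.

```php
<?php
// Hypothetical sketch: FormTokens is NOT Horde_Token or Horde_Form.
final class FormTokens
{
    // Nonces already redeemed. In-memory here; a real application would
    // persist this (with expiry) across requests.
    private array $used = [];

    public function __construct(private string $secret) {}

    // Called when rendering a form: random nonce plus an HMAC over nonce, session and form.
    public function issue(string $sessionId, string $formName): string
    {
        $nonce = bin2hex(random_bytes(16));
        return $nonce . '.' . $this->mac($nonce, $sessionId, $formName);
    }

    // Called on POST. Returns 'ok', 'missing', 'forged' or 'replayed'.
    public function check(?string $token, string $sessionId, string $formName): string
    {
        if ($token === null || $token === '') {
            return 'missing';   // no token at all: the form was not created by us
        }
        $parts = explode('.', $token, 2);
        if (count($parts) !== 2
            || !hash_equals($this->mac($parts[0], $sessionId, $formName), $parts[1])) {
            return 'forged';    // token not issued by us for this session and form
        }
        if (isset($this->used[$parts[0]])) {
            return 'replayed';  // our token, but already submitted once
        }
        $this->used[$parts[0]] = true;
        return 'ok';
    }

    private function mac(string $nonce, string $sessionId, string $formName): string
    {
        // NUL separators keep the session and form fields unambiguous.
        return hash_hmac('sha256', $nonce . "\0" . $sessionId . "\0" . $formName, $this->secret);
    }
}

// Constructed sample run: first submit, resubmit, no token, token from another session.
$tokens = new FormTokens(random_bytes(32));
$t = $tokens->issue('sess-A', 'prefs');
foreach ([[$t, 'sess-A'], [$t, 'sess-A'], [null, 'sess-A'], [$t, 'sess-B']] as [$tok, $sid]) {
    echo $tokens->check($tok, $sid, 'prefs'), "\n";
}
```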



