[Tickets #4492] CSRF protection with form tokens
bugs@bugs.horde.org
bugs at bugs.horde.org
Thu Oct 5 11:31:26 PDT 2006
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=4492
-----------------------------------------------------------------------
Ticket | 4492
Updated By | Chuck Hagenbuch <chuck at horde.org>
Summary | CSRF protection with form tokens
Queue | Horde Framework Packages
Version | HEAD
Type | Enhancement
State | Accepted
Priority | 2. Medium
Owners |
-----------------------------------------------------------------------
Chuck Hagenbuch <chuck at horde.org> (2006-10-05 11:31) wrote:
The token needs to be not just present, but valid. We'll need to give each
form a unique id to track that sort of thing, and store the expected token
for it either in the session or by something we can look up in Token (or
other) storage.
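A sketch of the scheme described in the comment above, as an added example that is not Horde code and not part of the ticket: each rendered form gets a unique id, the expected token is stored in the session under that id, and a submission passes only if its token matches the stored one. The function names, the `form_tokens` session key, the 30-minute lifetime and the single-use behaviour are assumptions made for illustration.

```php
<?php
// Added example, not Horde code. Function names and the 'form_tokens'
// key are hypothetical. $session stands in for $_SESSION so the script
// runs from the CLI without a web server.

/** Issue a token for one rendered form and remember it server-side. */
function issueFormToken(array &$session, string $formName): array
{
    $formId = $formName . '.' . bin2hex(random_bytes(8)); // unique per rendering
    $token  = bin2hex(random_bytes(32));
    $session['form_tokens'][$formId] = ['token' => $token, 'issued' => time()];
    return [$formId, $token]; // both are emitted as hidden form fields
}

/** Accept a submission only if its token matches the one stored for that form id. */
function checkFormToken(array &$session, $formId, $token, int $maxAge = 1800): bool
{
    if (!is_string($formId) || !is_string($token) || $token === '') {
        return false; // fields missing or malformed
    }
    $expected = $session['form_tokens'][$formId] ?? null;
    if ($expected === null) {
        return false; // a token is present, but no such form was ever issued
    }
    unset($session['form_tokens'][$formId]); // single use, also after a failed check
    if (time() - $expected['issued'] > $maxAge) {
        return false; // issued too long ago
    }
    return hash_equals($expected['token'], $token); // constant-time comparison
}

// Constructed walk-through: two forms issued in the same session.
$session = [];
[$idA, $tokA] = issueFormToken($session, 'ticket_update');
[$idB, $tokB] = issueFormToken($session, 'ticket_delete');

// Well-formed token that was never issued for form A.
var_dump(checkFormToken($session, $idA, str_repeat('a', 64)));
// Genuine token, but submitted with a different form's id.
var_dump(checkFormToken($session, $idB, $tokA));
// Matching id and token, then the same pair replayed.
[$idC, $tokC] = issueFormToken($session, 'ticket_update');
var_dump(checkFormToken($session, $idC, $tokC));
var_dump(checkFormToken($session, $idC, $tokC));
```

Only the third call succeeds; the other three submissions all carry a token, which is why a presence check alone would let them through.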