[Tickets #5892] Re: Linked attachment feature vulnerability
bugs at bugs.horde.org
Tue Nov 20 21:18:53 UTC 2007
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=5892
-----------------------------------------------------------------------
Ticket | 5892
Updated By | Jan Schneider <jan at horde.org>
Summary | Linked attachment feature vulnerability
Queue | IMP
Version | HEAD
Type | Bug
State | Feedback
Priority | 2. Medium
Owners |
-----------------------------------------------------------------------
Jan Schneider <jan at horde.org> (2007-11-20 13:18) wrote:
> Isn't the simplest answer here to just add an intermediate page? Make
> it impossible to download a linked attachment directly - you have to
> go to the page first, get a token that's valid for a few minutes,
> make a POST request, etc., then you get the file. That way no jar:
> link could link directly to a file.
Sounds good.
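
Added example, not part of the original ticket and not Horde's code: a Python sketch of the flow proposed in the quoted reply, where a request without a token only ever receives the intermediate page and the file is served only to a POST carrying a short-lived token. The function names, the HMAC token format and the 300-second lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Assumptions for this sketch: a per-installation secret and a five-minute lifetime.
SECRET_KEY = secrets.token_bytes(32)
TOKEN_TTL = 300  # seconds ("valid for a few minutes")


def _sign(attachment_id, expires):
    """MAC over the attachment id and expiry, so a token cannot be reused elsewhere."""
    msg = "{}|{}".format(attachment_id, expires).encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(attachment_id, now=None):
    """Called when the intermediate page is rendered; value goes in a hidden field."""
    expires = int(time.time() if now is None else now) + TOKEN_TTL
    return "{}.{}".format(expires, _sign(attachment_id, expires))


def token_valid(attachment_id, token, now=None):
    """True only for an unexpired token that was issued for this attachment."""
    try:
        expires_s, mac = token.split(".", 1)
        expires = int(expires_s)
    except (AttributeError, ValueError):
        return False
    expected = _sign(attachment_id, expires)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False
    return (time.time() if now is None else now) <= expires


def handle_request(method, attachment_id, form_token=None, now=None):
    """Return (status, body) for a request to the linked-attachment URL."""
    if method == "POST":
        if form_token and token_valid(attachment_id, form_token, now):
            return 200, "<contents of attachment {}>".format(attachment_id)
        return 403, "token missing, expired or issued for another attachment"
    # A plain link (the jar: case in the quoted reply) arrives without a token
    # and gets the intermediate page, never the file itself.
    token = issue_token(attachment_id, now)
    return 200, ('<form method="post"><input type="hidden" name="token" '
                 'value="{}"><button>Download</button></form>'.format(token))
```

The token here is time-limited but not single-use; making it one-shot would need server-side state.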