[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cmis-browser] cross-site request forgery attacks
I agree - the solution for CSRF attacks needs to be common, and is required since we support HTML form endpoints. Thanks, --------------------------------------- Derek Carr IBM Collaboration Solutions (919) 254-8592 (t/l 444) --------------------------------------- From: Scott Malabarba/Costa Mesa/IBM@IBMUS To: cmis-browser@lists.oasis-open.org Date: 02/24/2011 04:31 PM Subject: [cmis-browser] cross-site request forgery attacks Has there been any discussion about providing for server defenses against cross-site request forgery attacks? The only thing I could find is this comment from Derek in an old email thread, http://lists.oasis-open.org/archives/cmis/200905/msg00036.html: > scenarios. There are some issues that we as a TC would need to resolve if > we introduce a multi-part POST endpoint to support document upload/edit > specifically around introducing mechanisms to prevent CSRF attack vectors. If the topic is still open, I'd like to spend a few minutes on it in the next meeting. Regards, Scott Scott Malabarba Software Engineer IBM Enterprise Content Management 3565 Harbor Blvd., Costa Mesa, CA 92626-1420 Phone (714) 327-5133 / Tieline 3955133 Email scott.malabarba@us.ibm.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]