OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cmis message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: [OASIS Issue Tracker] Created: (CMIS-715) API for cross siterequest forgery defense


API for cross site request forgery defense
------------------------------------------

                 Key: CMIS-715
                 URL: http://tools.oasis-open.org/issues/browse/CMIS-715
             Project: OASIS Content Management Interoperability Services (CMIS) TC
          Issue Type: New Feature
          Components: Browser Binding
    Affects Versions: Browser Binding Proposal
            Reporter: Scott Malabarba


We discussed this topic in the meeting on March 7.  By supporting a form post endpoint, the browser binding introduces potential vulnerability to cross-site request forgery attacks (http://en.wikipedia.org/wiki/Csrf).  We should provide for some common defenses in the browser binding API.  

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]