Nuxeo mailing list archives
[Nuxeo-tickets] [Nuxeo Repository] #1831: Check that a POST comes
from the same server
Nuxeo Repository
trac at nuxeo.com
Tue Apr 17 11:04:06 CEST 2007
#1831: Check that a POST comes from the same server
--------------------------+-------------------------------------------------
Reporter: madarche | Owner: madarche
Type: defect | Status: new
Priority: P2 | Milestone: CPS 3.4.5
Component: CPS (global) | Version: TRUNK
Severity: major | Keywords: security XSS
--------------------------+-------------------------------------------------
http://www.sencer.de/article/122/securing-forms-with-post-is-not-enough
We should automatically add a cryptographic nonce (formkey) to the forms
we generate, to prevent this.
This ticket is related to #630.
--
Ticket URL: <http://svn.nuxeo.org/trac/pub/ticket/1831>
Nuxeo Repository <http://www.cps-project.org/>
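One way the formkey proposed in this ticket could work, as an added example that is not code from the ticket or from CPS: the server embeds an HMAC-signed nonce in each form it generates and rejects any POST whose key it did not issue for that session and form. The names `make_formkey`, `check_formkey`, `SERVER_SECRET` and `MAX_AGE` are hypothetical, and session and form identifiers are assumed to contain no newline characters.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: one server-side secret, created at startup, never sent to clients.
SERVER_SECRET = secrets.token_bytes(32)
MAX_AGE = 3600  # seconds a rendered form stays valid (illustrative value)


def _mac(session_id, form_id, nonce, issued):
    # Bind the key to the session, the form, the nonce and the issue time.
    msg = "\n".join((session_id, form_id, nonce, str(issued))).encode("utf-8")
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def make_formkey(session_id, form_id, now=None):
    """Return the value to place in a hidden field of a generated form."""
    issued = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)
    return "%s.%d.%s" % (nonce, issued, _mac(session_id, form_id, nonce, issued))


def check_formkey(formkey, session_id, form_id, now=None):
    """True only if this server issued the key for this session and form."""
    now = int(time.time() if now is None else now)
    try:
        nonce, issued_s, mac = formkey.split(".")
        issued = int(issued_s)
        mac_bytes = mac.encode("ascii")
    except (AttributeError, ValueError):
        return False  # field missing or malformed: reject the POST
    if not 0 <= now - issued <= MAX_AGE:
        return False  # expired, or timestamp lies in the future
    expected = _mac(session_id, form_id, nonce, issued).encode("ascii")
    # Constant-time comparison so the check does not leak the MAC bytewise.
    return hmac.compare_digest(expected, mac_bytes)


if __name__ == "__main__":
    key = make_formkey("sess-A", "edit_document")  # constructed sample values
    print(check_formkey(key, "sess-A", "edit_document"))  # same session
    print(check_formkey(key, "sess-B", "edit_document"))  # other session
```

A page on another site can make a browser send the POST, but it cannot read the hidden field from the server's form, so it cannot supply a key that passes `check_formkey`.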