[Framework-Team] PLIP 224: CSRF protection framework
Wichert Akkerman
wichert at wiggy.net
Thu Jan 31 18:15:12 UTC 2008
See http://plone.org/products/plone/roadmap/224 for details.

I absolutely hate to do this since it violates our process and we
already have a large number of PLIPs waiting for review, but I am
proposing this PLIP for Plone 3.1.

The reason I am willing to do this is that it improves the security of
Plone: it adds protection against the unfortunately quite common CSRF
type of attacks. The implementation is based on a long debate we
had in the security team recently as a result of a discussion with
a security researcher contacting us about possible Plone security issues.

At this moment I do not have a review bundle ready; I'm hoping that
someone will beat me to it since I have very little time to work on it.

Wichert.
--
Wichert Akkerman <wichert at wiggy.net> It is simple to make things.
http://www.wiggy.net/ It is hard to make things simple.