[Framework-Team] PLIP 224: CSRF protection framework
Andreas Zeidler
az at zitc.de
Thu Jan 31 20:58:50 UTC 2008

On Jan 31, 2008, at 7:15 PM, Wichert Akkerman wrote:
> See http://plone.org/products/plone/roadmap/224 for details.
>
> I absolutely hate to do this since it violates our process and we
> already have a large number of PLIPs waiting for review, but I am
> proposing this PLIP for Plone 3.1.

definitely a +1 on this from me. not doing it right away simply
doesn't make sense, imho...

> The implementation is based on a long debate we
> had in the security team recently as a result of a discussion with
> a security researcher contacting us about possible Plone security
> issues.

...and we can't keep them holding back their paper for too long, anyway.

> At this moment I do not have a review bundle ready; I'm hoping that
> someone will beat me to it since I have very little time to work on
> it.

hmm, i guess i could try to set up a buildout, but what's the status
about determining the relevant forms and adding the protection to them?

andi

--
zeidler it consulting - http://zitc.de/ - info at zitc.de
friedelstraße 31 - 12047 berlin - telefon +49 30 25563779
pgp key at http://zitc.de/pgp - http://wwwkeys.de.pgp.net/
plone 3.0.5 released! -- http://plone.org/products/plone