This repository has been archived by the owner on Aug 5, 2018. It is now read-only.

simple csrf protection #10

Open
hajo-p opened this issue Jan 24, 2014 · 3 comments

Comments

@hajo-p
Member

hajo-p commented Jan 24, 2014

No description provided.

@ghost ghost assigned hajo-p Jan 24, 2014
@laszlokorte

Currently records (users, tags) can be deleted via GET request...

@hajo-p
Member Author

hajo-p commented Feb 4, 2014

CSRF won't stop that; it's up to the access control to defend such things. Access control is not implemented yet, but will be before the first RC is out.

@DSchalla
Contributor

That's wrong. CSRF is exactly the attack vector which easily avoids access control, since you attack with the rights of the user. @laszlokorte is correct with that.
