Ticket #1831 (new defect)

Opened 2 years ago

Last modified 9 months ago

Check that a POST comes from the same server

Reported by: madarche Assigned to: madarche
Priority: P3 Milestone: CPS 3.5.0
Component: CPS (global) Version: TRUNK
Severity: major Keywords: security XSS
Cc:

Description

http://www.sencer.de/article/122/securing-forms-with-post-is-not-enough

We should automatically add a cryptographic nonce (formkey) to the forms we generate, to prevent this.

This ticket is related to #630.
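The defence the description asks for (a per-form secret the attacker's cross-site page cannot know, which is what stops the forged POST the linked article describes) can be sketched as follows. This is an added illustration, not CPS code: `make_formkey`, `check_formkey`, `render_form`, `handle_post`, the hidden field names and the server secret are all hypothetical names chosen here. The key is an HMAC over the user's session id, the form id and a mint time, so a key captured for one form or one session is useless for another, expires, and is checked in constant time.

```python
import hashlib
import hmac
import secrets
import time

# Hypothetical server-side secret; a real deployment would load it from
# configuration and rotate it, never hard-code it.
SERVER_SECRET = b"example-server-secret-rotate-me"
FORMKEY_MAX_AGE = 3600  # seconds a formkey stays valid


def _mac(secret, session_id, form_id, ts):
    msg = "%s|%s|%d" % (session_id, form_id, ts)
    return hmac.new(secret, msg.encode("utf-8"), hashlib.sha256).hexdigest()


def make_formkey(secret, session_id, form_id, now=None):
    """Return 'timestamp:mac', bound to one session and one form."""
    ts = int(now if now is not None else time.time())
    return "%d:%s" % (ts, _mac(secret, session_id, form_id, ts))


def check_formkey(secret, session_id, form_id, token, now=None,
                  max_age=FORMKEY_MAX_AGE):
    """True only if token was minted for this session and form and has
    not expired. Malformed or missing tokens are rejected, never raised on."""
    if not isinstance(token, str) or ":" not in token:
        return False
    ts_str, _, mac = token.partition(":")
    if not ts_str.isdigit():
        return False
    ts = int(ts_str)
    current = int(now if now is not None else time.time())
    if ts > current or current - ts > max_age:
        return False
    expected = _mac(secret, session_id, form_id, ts)
    # Constant-time comparison on bytes, so response timing leaks nothing
    # about the MAC and non-ASCII garbage cannot trigger a TypeError.
    return hmac.compare_digest(expected.encode("ascii"), mac.encode("utf-8"))


def render_form(secret, session_id, form_id, action):
    """Constructed HTML fragment: the formkey travels as a hidden field."""
    key = make_formkey(secret, session_id, form_id)
    return ('<form method="post" action="%s">'
            '<input type="hidden" name="form_id" value="%s">'
            '<input type="hidden" name="formkey" value="%s">'
            '<input type="submit" value="Save"></form>'
            % (action, form_id, key))


def handle_post(secret, session_id, fields, now=None):
    """Server side: refuse the POST unless its formkey checks out.
    `fields` is the parsed request body as a dict."""
    form_id = fields.get("form_id", "")
    if not check_formkey(secret, session_id, form_id, fields.get("formkey"),
                         now=now):
        return 403, "formkey missing, forged, or expired"
    return 200, "ok"


if __name__ == "__main__":
    # Session ids must themselves be unguessable, or the attacker could
    # mint keys; secrets.token_urlsafe gives one for the demo.
    victim_session = secrets.token_urlsafe(16)
    print(render_form(SERVER_SECRET, victim_session, "edit_profile", "/edit"))

    # Legitimate submission: browser sends back the hidden field it was given.
    key = make_formkey(SERVER_SECRET, victim_session, "edit_profile")
    print(handle_post(SERVER_SECRET, victim_session,
                      {"form_id": "edit_profile", "formkey": key}))

    # Cross-site page: it can make the victim's browser POST with the
    # victim's cookies, but it never saw the victim's formkey.
    print(handle_post(SERVER_SECRET, victim_session,
                      {"form_id": "edit_profile", "formkey": "guess"}))
```

The hidden field must be regenerated per page render and the session id it is bound to must be the one carried in the authentication cookie; checking the Referer header alone, as the ticket title suggests, is weaker because browsers and proxies routinely strip it.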

Change History

10/05/07 11:50:06 changed by madarche

  • priority changed from P2 to P3.

04/24/08 11:42:05 changed by madarche

  • milestone changed from CPS 3.4.7 to CPS 3.5.0.