[RCU] Search Via HTTP GET

Steve Perkins sp at strategicbookings.com
Tue May 12 16:55:15 CEST 2015


ano kajan

Sent from Type Mail



On 9:47PM, May 12, 2015, at 9:47PM, Andrew Davidson <andrew at amdavidson.com> wrote:
>On 2015-05-12 09:37, Reindl Harald wrote:
>> 
>> read the wiki article
>> 
>> CSRF is not about "verify authentication state", it is about a link
>> from the attacker that leads to triggering an action in a web-application
>> *because you are authenticated* and hence there is a CSRF-token
>
>I wasn't sufficiently clear, I don't intend to scrape the data and embed
>it into another application.
>
>I plan to have the application redirect to RC itself, in the browser.
>The other application will never have access to the results of that page
>and it will not redirect back.
>
>Again, no different than you clicking on this link: 
>http://www.amazon.com/s/?tag=duc0c-20&url=search-alias%3Daps&field-keywords=barbecue
>
>Your mail client will have no access to your Amazon account, but the 
>search request will still be executed.