ano kajan


On May 12, 2015, at 9:47PM, Andrew Davidson <andrew@amdavidson.com> wrote:
On 2015-05-12 09:37, Reindl Harald wrote:

read the wiki article

CSRF is not about "verify authentication state", it is about a link
from the attacker that leads to triggering an action in a web application
*because you are authenticated*, and hence there is a CSRF token

I wasn't sufficiently clear; I don't intend to scrape the data and embed
it into another application.

I plan to have the application redirect to RC itself, in the browser.
The other application will never have access to the results of that page
and it will not redirect back.

Again, no different than you clicking on this link:
http://www.amazon.com/s/?tag=duc0c-20&url=search-alias%3Daps&field-keywords=barbecue

Your mail client will have no access to your Amazon account, but the
search request will still be executed.


Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users