Fixing CSRF exploits in Infrastructure
a.badger at gmail.com
Wed Nov 26 18:18:25 UTC 2008
Chuck Anderson wrote:
> On Wed, Nov 26, 2008 at 09:47:06AM -0800, Toshio Kuratomi wrote:
>> Pretty much agreed on this analysis. My one note is that in my usage,
>> at least, I already have to login most of the time when clicking on a
>> link in bugzilla or email due to my session having expired already.
> Stange. I almost never have to re-login to bugzilla once I've logged
> in on a particular system.
We're talking about comments added to bugzilla that link to the Fedora
Web Applications (pkgdb, bodhi, etc).
Bugzilla has its own cookies and authentication structure that we won't
be messing with as part of this.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 197 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20081126/8baea5eb/attachment.bin
More information about the infrastructure