Fixing CSRF exploits in Infrastructure

Toshio Kuratomi a.badger at
Wed Nov 26 18:18:25 UTC 2008

Chuck Anderson wrote:
> On Wed, Nov 26, 2008 at 09:47:06AM -0800, Toshio Kuratomi wrote:
>> Pretty much agreed on this analysis.  My one note is that in my usage,
>> at least, I already have to login most of the time when clicking on a
>> link in bugzilla or email due to my session having expired already.
> Strange.  I almost never have to re-login to bugzilla once I've logged
> in on a particular system.
We're talking about comments added to bugzilla that link to the Fedora
Web Applications (pkgdb, bodhi, etc).

Bugzilla has its own cookies and authentication structure that we won't
be messing with as part of this.

