« Ninjas vs. Grokkers
Plone on Google App Engine, Anyone? »

Plone Cross-Site Request Forgery

18Mar08

If you have been paying attention to Plone checkins, you might have noticed some checkins mentioning CSRF (Cross-Site Request Forgery) flying by. Today Secunia released an advisory about the issue.

As can be seen from the referenced paper, web technologies make some things just way too simple to hack around.

On a unrelated note, call me luddite, but I really think moving our life to the cloud presents way more unforeseen threats than our little brains can imagine.


Filed under: plone, security, web2.0   |  Comments
Tags:

2 Responses to “Plone Cross-Site Request Forgery”

Feed for this Entry Trackback Address
  1. 1 yurj on March 19, 2008 said:

    well, the attack was known but a lot of time, and wasn’t fixed. This is a shame, I think.

    Reply
  2. 2 witsch on March 19, 2008 said:

    actually, the paper was already released last thursday — see http://www.securityfocus.com/archive/1/489544

    and work on a hotfix is in progress…

    cheers,

    andi

    Reply

« Ninjas vs. Grokkers
Plone on Google App Engine, Anyone? »

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.