
Protection against CSRF and similar


Håkon

Dec 24, 2007, 7:03:05 PM
Hi everybody,

I've had this idea about how a browser could allow end users to protect
themselves against CSRF and similar attacks. You can read about it at
http://my.opera.com/haakeyar/blog/csrf-we-need-protection. (I'm sorry for
posting it on the community site for the Opera browser, but I just needed a
place to post it and I already had an account at Opera, so...)

It was also mentioned in the last episode of The Command Line Podcast, at
http://thecommandline.net/2007/12/23/news_125/

What do you guys think about this? Is it something that could be implemented
some time in the future? Should a bug be filed about it?

I understand that this could be sort of overlapping with bug 117222, but
in my opinion it is not exactly the same, even though a solution for this
one would be a solution for that one.
I also understand that maybe this should be in the wishlist-group instead,
but since it is very security-related, I decided to post it here. Feel free
to point me somewhere else.

Regards,
Håkon

Eddy Nigg (StartCom Ltd.)

Dec 24, 2007, 9:03:31 PM
to dev-se...@lists.mozilla.org
Hi Håkon,

Håkon wrote:
> I've had this idea about how a browser could allow end users to protect
> themselves against CSRF and similar attacks. You can read about it at
> http://my.opera.com/haakeyar/blog/csrf-we-need-protection. (I'm sorry for
> posting it on the community site for the Opera browser, but I just needed a
> place to post it and I already had an account at Opera, so...)

...and what prevents Opera from simply implementing your proposal? I'm
just curious what makes you care about other browsers in that respect or
are there potential implications (for Opera) if you'd go ahead as the
only browser?

--
Regards

Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: star...@startcom.org <xmpp:star...@startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390

Håkon

Dec 25, 2007, 6:58:55 AM
Eddy Nigg (StartCom Ltd.) wrote:

> Håkon wrote:
>>(I'm sorry for
>> posting it on the community site for the Opera browser, but I just needed
>> a place to post it and I already had an account at Opera, so...)
> ...and what prevents Opera from simply implementing your proposal? I'm
> just curious what makes you care about other browsers in that respect or
> are there potential implications (for Opera) if you'd go ahead as the
> only browser?
I'm not sure I completely understand what you mean, but I have no direct
connection to Opera. It's just that I had signed up on their
forums/community, and you get a blog there when you do that. I don't have
a "real" blog (and I probably won't create one before I buy my own domain),
and I needed a place to post the idea, so I decided to use that blogging
service. I have posted about it in the Opera wishlist forum, but with no
reply yet.
I use both Opera and Firefox, and I therefore care about both, and even if I
didn't use Firefox, I'd care because I want people to be secure on the
web and if one browser implements it, the others will hopefully follow it.

I understand that posting it on the Opera blog service was a little stupid,
but I hope you understand. If it is really a problem, I could post the
contents of the blog post directly here, but it is a little long, so I
won't if you can live with it being there.

Eddy Nigg (StartCom Ltd.)

Dec 25, 2007, 7:34:39 AM
to dev-se...@lists.mozilla.org
Håkon wrote:
> I understand that posting it on the Opera blog service was a little stupid,
> but I hope you understand. If it is really a problem, I could post the
> contents of the blog post directly here, but it is a little long, so I
> won't if you can live with it being there.
No problem with that, perhaps I just assumed you to be Håkon Wium Lie of
Opera....sorry for the mixup. Your blog entry is just fine wherever it
is now... ;-)