CSRF protection implementation in core CKAN.
27 views
Skip to first unread message
saurabh jangir
Feb 12, 2018, 8:50:14 AM2/12/18
to CKAN Global User Group (Non-technical questions)
I would like to know what is the situation of the vulnerabilty problem of the CSRF in CKAN. This extension could be used https://github.com/data-govt-nz/ckanext-security for providing security features in CKAN. But as of my understanding, I don't think there is any implementation of CSRF protection in Core CKAN code.
Is there any implementation of CSRF protection available in Core CKAN code? If not, How can we implement it in core CKAN?
David Read
Feb 12, 2018, 10:12:09 AM2/12/18
to ckan-global...@googlegroups.com
Saurabh,
Welcome to this ckan group! It's a good question, but I'm afraid we
reserve this group for policy discussions, not technical. Please ask
this to ckan-dev list or on stackoverflow #ckan.
David
> --
> You received this message because you are subscribed to the Google Groups
> "CKAN Global User Group (Non-technical questions)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ckan-global-user-...@googlegroups.com.
> To post to this group, send email to
> ckan-global...@googlegroups.com.
> Visit this group at https://groups.google.com/group/ckan-global-user-group.
> To view this discussion on the web, visit
> https://groups.google.com/d/msgid/ckan-global-user-group/1432f2c3-8686-4e05-a60c-60f9f89d2ea7%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Welcome to this ckan group! It's a good question, but I'm afraid we
reserve this group for policy discussions, not technical. Please ask
this to ckan-dev list or on stackoverflow #ckan.
David
> You received this message because you are subscribed to the Google Groups
> "CKAN Global User Group (Non-technical questions)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ckan-global-user-...@googlegroups.com.
> To post to this group, send email to
> ckan-global...@googlegroups.com.
> Visit this group at https://groups.google.com/group/ckan-global-user-group.
> To view this discussion on the web, visit
> https://groups.google.com/d/msgid/ckan-global-user-group/1432f2c3-8686-4e05-a60c-60f9f89d2ea7%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
saurabh jangir
Feb 12, 2018, 11:11:41 PM2/12/18
to CKAN Global User Group (Non-technical questions)
Thanks for the response, I've understood your point and currently I am tracking this question at stackoverflow.
Following is the link of same query at stack overflow
On Monday, 12 February 2018 20:42:09 UTC+5:30, david.read wrote:
Saurabh,
Welcome to this ckan group! It's a good question, but I'm afraid we
reserve this group for policy discussions, not technical. Please ask
this to ckan-dev list or on stackoverflow #ckan.
David
On 12 February 2018 at 13:50, saurabh jangir <saurab...@gmail.com> wrote:
> I would like to know what is the situation of the vulnerabilty problem of
> the CSRF in CKAN. This extension could be used
> https://github.com/data-govt-nz/ckanext-security for providing security
> features in CKAN. But as of my understanding, I don't think there is any
> implementation of CSRF protection in Core CKAN code.
> Is there any implementation of CSRF protection available in Core CKAN code?
> If not, How can we implement it in core CKAN?
>
> --
> You received this message because you are subscribed to the Google Groups
> "CKAN Global User Group (Non-technical questions)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ckan-global-user-group+unsub...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages