[tahoe-dev] Prevent CSRF attacks by making resources unforgeable, not by making them unshareable.

zooko zooko at zooko.com
Wed Jul 16 21:40:24 UTC 2008


Dear cap-talk and tahoe-dev folks:

The Hack Tahoe! contest is not quite live.  (I still need to put up more pictures, describe Drew Pertulla's contribution, add example files and directories that you can attack, and perhaps also make it not be so ugly.)

But, I just went and wrote a long note trying to persuade the reader that the current well-known approaches to preventing CSRF attacks are inferior to the capabilities approach.  And now I solicit your review of that note to be sure that I haven't written anything wrong or confusing.

So please read this page, but please do not post it to your favorite news sites yet:

http://hacktahoe.org/csrf.html

Thank you!

Regards,

Zooko