Items tagged csrf in Sep, 2007
User account breaches are inevitable. We should take that in to account when designing our applications.[... 545 words]
Currently WebRunner applications share cookies with other WebRunner applications, but not with Firefox. WebRunner uses its own profile, not Firefox’s profile. There is a plan to allow WebRunner applications to create their own, private profiles as well.
hasAccount. Stuart proposes a light-weight API for letting any site know if a user has an account (and is signed in) on another service. I wouldn’t want to deploy this without being confident that my CSRF protection was in order. # 28th September 2007, 9:10 am
WebRunner 0.7—New and Improved. A simple application for running a site-specific browser for a service (e.g. Twitter, Gmail etc). This is a great idea: it isolates your other browser windows from crashes and also isolates your cookies, helping guard against CSRF attacks. # 27th September 2007, 1:55 pm