canmove, Confirmed users
1,537
edits
Security/Features/Intranet CSRF Blocker: Difference between revisions
Security/Features/Intranet CSRF Blocker (view source)
Revision as of 21:17, 22 November 2013
, 22 November 2013no edit summary
No edit summary |
No edit summary |
||
| (2 intermediate revisions by one other user not shown) | |||
| Line 5: | Line 5: | ||
}} | }} | ||
{{FeatureTeam | {{FeatureTeam | ||
|Feature product manager= | |Feature product manager=Sid Stamm | ||
|Feature lead engineer=Steve Workman | |Feature lead engineer=Steve Workman | ||
|Feature additional members=Brian Smith | |||
}} | }} | ||
{{FeaturePageBody | {{FeaturePageBody | ||
| Line 19: | Line 20: | ||
* [http://www.symantec.com/avcenter/reference/Driveby_Pharming.pdf "Drive-By Pharming"] | * [http://www.symantec.com/avcenter/reference/Driveby_Pharming.pdf "Drive-By Pharming"] | ||
* [http://ha.ckers.org/blog/20080108/cross-site-printing/ "Cross site printing"] | * [http://ha.ckers.org/blog/20080108/cross-site-printing/ "Cross site printing"] | ||
|Feature dependencies=See related {{bug|354493}}. Dependencies: | |||
<bugzilla> | |||
{ | |||
"status": ["NEW", "UNCONFIRMED", "RESOLVED", "REOPENED"], | |||
"blocks": "354493", | |||
"include_fields": "id, summary, status" | |||
} | |||
</bugzilla> | |||
|Feature non-goals=The reverse case, where a web page on a private network sends requests for non-private resources, is common and is not considered an attack case that we are trying to prevent. | |Feature non-goals=The reverse case, where a web page on a private network sends requests for non-private resources, is common and is not considered an attack case that we are trying to prevent. | ||
}} | }} | ||
{{FeatureInfo | {{FeatureInfo | ||
|Feature priority=P2 | |Feature priority=P2 | ||
|Feature theme=Product Hardening | |||
|Feature roadmap=Security | |Feature roadmap=Security | ||
|Feature engineering team=Networking | |Feature engineering team=Networking | ||
}} | }} | ||
{{FeatureTeamStatus}} | {{FeatureTeamStatus}} | ||