[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GSoC] Development of Cuirass.

From: Mathieu Lirzin
Subject: Re: [GSoC] Development of Cuirass.
Date: Sun, 12 Mar 2017 19:41:12 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

Hello Florian,

"pelzflorian (Florian Pelz)" <address@hidden> writes:

> On 03/12/2017 03:49 PM, Mathieu Lirzin wrote:
>> Sensitive requests should be done with an
>>   authentification mechanism which is not determined yet.  I currently
>>   have no experience with any and lack the knowledge to properly choose
>>   one.
> I’m new to Guix and Scheme and no expert in Web programming, but in
> order to prevent CSRF and in order not to rely on JavaScript, the server
> should run with HTTPS (of course) and
> · use a secret session token and
> · send a customized Web page to the client adapted so that each link and
> form to the server includes the session token as a GET or POST parameter.
> An alternative is Basic Access Authentication with HTTPS or Cookies with
> HTTPS but they are vulnerable to CSRF.
> See stackoverflow, for example

Thanks for your input.

Have you any experience/advice regarding OAuth or Json Web Token (JWT) ?

Mathieu Lirzin
GPG: F2A3 8D7E EB2B 6640 5761  070D 0ADE E100 9460 4D37

reply via email to

[Prev in Thread] Current Thread [Next in Thread]