Item2500: BlackListPlugin no longer needs magic key protection of registration as this has become core feature

pencil
Priority: Normal
Current State: Closed
Released In:
Target Release: n/a
Applies To: Extension
Component: BlackListPlugin
Branches:
Reported By: KennethLavrsen
Waiting For: Main.KennethLavrsen
Last Change By: KennethLavrsen
BlackListPlugin is under a solid rewrite.

One of the things that happened was that I decided to add a one code line change to the core so registration is protected against CSRF using our standard CSRF protection feature. This effectively does the same as BlackListPlugin preventing bots from performing a registration.

In fact it does it better if you have strikeone level CSRF protection enabled (default).

For BlackListPlugin for Foswiki this means that the magic key feature is removed so the plugin leaves a lighter footprint.

-- KennethLavrsen - 12 Dec 2009

ItemTemplate edit

Summary BlackListPlugin no longer needs magic key protection of registration as this has become core feature
ReportedBy KennethLavrsen
Codebase 1.0.8, trunk
SVN Range
AppliesTo Extension
Component BlackListPlugin
Priority Normal
CurrentState Closed
WaitingFor KennethLavrsen
Checkins BlackListPlugin:a2db3bed853b
TargetRelease n/a
ReleasedIn
Topic revision: r2 - 04 Jan 2010, KennethLavrsen - This page was cached on 08 Dec 2016 - 21:31.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License