Ahh ok makes sense, you know to first sign up for the list serv before you
hit it up xD...
On Tue, Apr 17, 2018, 4:27 AM Jacques Le Roux,
wrote:
> It means that the person sends a message to the ML w/o being subscribed to
> it. So we (moderators) have to allow this
Hi Paul,
I tried hard to use it 9 months ago but did not succeed.
I even then inadvertently committed my then WIP work and then removed it at
http://svn.apache.org/viewvc?view=revision=1799243
I also tried the Tomcat RestCsrfPreventionFilter see my comment in OFBIZ-6766
at
It means that the person sends a message to the ML w/o being subscribed to it.
So we (moderators) have to allow this message to pass.
Jacques
On 17/04/2018 at 04:49, Chris Clark wrote:
What does "your message has been moderated" mean?
On Mon, Apr 16, 2018, 3:00 AM Sonali Agrahari,
What does "your message has been moderated" mean?
On Mon, Apr 16, 2018, 3:00 AM Sonali Agrahari,
wrote:
> Hello all,
>
> I am using OFBiz 12.04 version in my application.
> When logged in to the application as admin user and open web mail in
> another browser,
Hi Michael,
I would say it is a vulnerability. OFBiz could make this distinction if we
add a hidden field to each form with a unique hash, and verify the hash is
correct when processing a POST. A spoofed form wouldn't have the right hash.
We are already using some of the OWASP (Open Web
Hi Sonali,
this is not a vulnerability.
You are logged in and posting a request from the same browser with the
same session. There is no chance for OFBiz to make a distinction between
a request initiated from an OFBiz generated page or any other page (like
your webmail) from the same
Hi Sonali,
Your last email has been moderated again
http://ofbiz.135035.n4.nabble.com/MODERATE-EMAIL-How-to-resolve-CSRF-attack-td4721783.html
The 1st one being https://markmail.org/message/jmkabexchsb7cvl2 4 months
ago.
Please, as Nabble also suggests to you, consider subscribing to the user ML
Hello all,
I am using OFBiz 12.04 version in my application.
When logged in to the application as admin user and open web mail in
another browser, suppose we received a mail which has a link
http://xyz.com/activate.html .
The link points to an HTML file as:
Bcc:
Date: Sun, 15 Apr 2018 21:08:07 -0700 (MST)
Subject: How to resolve CSRF attack
Hello all,
I am using OFBiz 12.04 version in my application.
When logged in to the application as admin user and open web mail in
another browser, suppose we received a mail which has a link
http://xyz.com/act