6.0.0-beta1
▾
Tasks
New Task
Search
Photos
Wiki
▾
Tickets
New Ticket
Search
dev.horde.org
Toggle Alerts Log
Help
9/20/25
H
istory
A
ttachments
C
omment
W
atch
Download
Comment on [#2565] Firefox 3 bookmarks extension
*
Your Email Address
*
Spam protection
Enter the letters below:
.__ .\ /._.. , [__) | >< | \./ [__)\__|/ \_|_ |
Comment
>>> As for security, I think the point is moot, now that the only way > >>> anything useful can be retrieved is with a POST, and nobody should be > >>> able to forge and read with POST, right? > >> > >> No, POSTs can be forged as well. > > > > OK, can you think of a way I can transparently implement security? I > only know of putting something at the beginning of the JSON, so that > we can strip it off but nobody else can because they can't read it > directly. Unfortunately, I'm guessing this will break the JSON-RPC > spec. > > > >> > >>> just like an XPI had been installed there. But if I understand what > >>> you're saying, it would be neat. The XPI could be downloaded from > >>> the Horde server, which would allow us to throw in some subtle > >>> features like making the XPI's default server URL be the server > >>> you're downloading from. (Perhaps that would not be desirable, > >>> though.) Is that what you meant? > >> > >> Exactly. And I actually started working on this yesterday, maybe I > >> can show something in the next few days. > > > > OK, thanks!
Attachment
Watch this ticket
N
ew Ticket
M
y Tickets
S
earch
Q
uery Builder
R
eports
Saved Queries
Open Bugs
Bugs waiting for Feedback
Open Bugs in Releases
Open Enhancements
Enhancements waiting for Feedback
Bugs with Patches
Enhancements with Patches
Release Showstoppers
Stalled Tickets
New Tickets
Horde 5 Showstoppers