"RequestPolicy": can people take a look at it?

Karsten N. tor-admin at privacyfoundation.de
Thu Jan 29 08:52:50 UTC 2009


Hi,

I have installed "RequestPolicy" a week ago. It blocks requests to
other websites than the called site and so it disables "cross-site
request forgery" attacks and some other attacks, which are based on
load of stuff from an other server than the called website.

Sometimes you have to allow some sites to request some other stuff.
Like other security plug-ins you have to train your exeptions.
This is done like NoScript. If you were familiar with NoScript, it is
not problem. For some mainstream sites there are predefined exeptions.

I can not see any problems with NoScript, TorButton, CockieSafe.... at
the moment. It works only with Firefox version 3.0 and above.

greetings
Karsten N.

Roger Dingledine schrieb:
> Hi folks,
> 
> A smart security person pointed me to the "RequestPolicy" firefox
> extension. I've had it on my todo list for a month but haven't found
> time to look at it. Anybody here want to take a look, give it a spin,
> decide if it solves an important problem, figure out how well it coexists
> with Noscript and Torbutton, etc?
> 
> Thanks!
> --Roger




More information about the tor-talk mailing list