@frgx @justinschuh: Also, the mandatory preflight is the whole point. I don’t think we can do without it.
@mikewest @frgx @justinschuh OTOH, this only protects against accessing the admin interface from LAN, not WAN, but it's the same (bad) code.
@BRIAN_____: You usually (I hope?) have to turn on WAN access explicitly. With luck, folks don't do that. @frgx @justinschuh
@BRIAN_____: But if they do, EPR is one mitigation mechanism. Do you have ideas for others? @frgx @justinschuh
@mikewest I prefer EPR over the browser assuming a CSRF vuln and just blocking @BRIAN_____ @justinschuh
@frgx: I see this as a compromise. My initial proposal was actually blocking. @BRIAN_____ @justinschuh
@frgx: put another way, why should the Internet have access to private network resources at all? @BRIAN_____ @justinschuh
@mikewest for all the use cases that people are using them for? @BRIAN_____ @justinschuh
@frgx: Why should we enable those use cases? @BRIAN_____ @justinschuh
@mikewest heh.. We seem to fundamentally disagree on this point and Twitter won't help make any progress @BRIAN_____ @justinschuh
@frgx: Oh, come on. 140 characters should be enough for anyone! :) @BRIAN_____ @justinschuh