From: Nala Ginrut
Newsgroups: gmane.lisp.guile.user
Subject: Re: mailmam, web bridge, forum, p2p (was: Diversification)
Date: Thu, 24 Oct 2019 22:15:33 +0800
To: "pelzflorian (Florian Pelz)"
Cc: Guile User
List-Id: General Guile related discussions

On Thu, Oct 24, 2019 at 8:30 PM pelzflorian (Florian Pelz) <pelzflorian@pelzflorian.de> wrote:

> Because of login CSRF the Referer header should also be verified for
> all links internal to the website (external links should strip the
> Referer header via redirect pages similar to what the code attached to
> this mail does).
>
> I do not know what Artanis does currently. I will check next week.

The current Artanis checks both the session token (from cookies) and the client IP. This method was blamed for being overkill because some users may be in the same LAN with a unique external IP. But I think IPv6 will cover this world finally, so I think this would be the best way to go.

Of course, there's no conflict in adding an extra verification token. Patches or proposals are welcome. ;-)

Best regards.
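
The two checks discussed in this message, sketched in Python as an added example (not Artanis code and not part of the original mail): a session token bound to the client IP, plus an exact-origin Referer check on the login request. The origin `forum.example.org`, the class and function names, and the addresses are assumptions made for illustration.

```python
import secrets
from urllib.parse import urlsplit

SITE = ("https", "forum.example.org")  # assumed site origin (hypothetical)

def referer_is_internal(referer):
    """True only when the Referer's scheme and host are exactly the site's."""
    if not referer:
        return False  # a missing Referer is treated as untrusted here
    parts = urlsplit(referer)
    return (parts.scheme, parts.hostname) == SITE

class SessionStore:
    """In-memory table binding each session token to the IP that logged in."""
    def __init__(self):
        self._sessions = {}  # token -> (user, client_ip)

    def login(self, user, client_ip, referer):
        """Create a session; refuse login requests not sent from our own pages."""
        if not referer_is_internal(referer):
            return None  # login CSRF defence: cross-site login form rejected
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, client_ip)
        return token

    def check(self, cookie_token, client_ip):
        """Return the user when the cookie token and the client IP both match."""
        user, bound_ip = self._sessions.get(cookie_token, (None, None))
        return user if user is not None and bound_ip == client_ip else None

def demo():
    store = SessionStore()
    nat_ip, other_ip = "203.0.113.7", "198.51.100.9"  # constructed addresses
    token = store.login("alice", nat_ip, "https://forum.example.org/login")
    return {
        "same_ip": store.check(token, nat_ip),
        "moved_ip": store.check(token, other_ip),     # token seen from another IP
        "wrong_token": store.check("guess", nat_ip),  # same NAT, no valid token
        "cross_site_login": store.login(              # lookalike host, not ours
            "bob", other_ip, "https://forum.example.org.evil.test/x"),
    }

if __name__ == "__main__":
    print(demo())
```

The IP binding only rejects a token presented from a different address; clients that share one external IP are told apart by the token alone.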