Simon Willison’s Weblog

Subscribe

Friday, 23rd January 2009

CSRF is not a security issue for the Web. A well-designed Web service should be capable of receiving requests directed by any host, by design, with appropriate authentication where needed. If browsers create a security issue because they allow scripts to automatically direct requests with stored security credentials onto third-party sites, without any user intervention/configuration, then the obvious fix is within the browser.

Roy Fielding

# 8:14 am / browsers, credentials, csrf, royfielding, security

OpenStreetMap is growing rapidly across all of Africa. Mapping is spreading through local mappers, mappers on vacation, foreign nationals, and remote mapping using satellite imagery. A recent comparison judged that OSM had the most comprehensive coverage of Africa among web mapping services, especially in cities.

Mikel Maron

# 5:13 pm / africa, mapping, mikel-maron, openstreetmap