Re: "RequestPolicy": can people take a look at it?



Hi,

> A smart security person pointed me to the "RequestPolicy" firefox 
> extension. I've had it on my todo list for a month but haven't found 
> time to look at it. Anybody here want to take a look, give it a spin,
>  decide if it solves an important problem, figure out how well it
> coexists with Noscript and Torbutton, etc?

I have RP installed beside NoScript, but without Torbutton.
It coexists very well with NoScript; you can allow/disallow all requests
to external "base domains", "full domains" and "full addresses", but
scripts etc. from such domains and addresses are only allowed/disallowed
with the additional actions & functions from NoScript. The author says
that he sees RP as an addition to NoScript. The context menu / handling
is like NoScript or FoxyProxy. No blacklists so far and the whitelists
are static - you cannot edit the entries or use wildcards/RegEx
(requested and added to his list of planned features). Perhaps RP's
functions could or will be incorporated in things like NoScript,
Torbutton... don't know.

I have written a short German-language review in
<http://blog.kairaven.de/archives/1791-RequestPolicy-gegen-CSRF-fuer-Mozilla-Browser.html>
but you can follow
<http://ha.ckers.org/blog/20090117/request-policy-firefox-extention/> too ;)

-- 
Ciao
Kai

http://kairaven.de/
Mail per I2P: http://www.i2p2.de/