Security bug on ohloh.. (pretty big one too..)

Hi,

I just noticed ohloh.net has a crossdomain file (http://www.ohloh.net/crossdomain.xml) with no restrictions.

By doing so you just enabled a big CSRF security hole, pretty much allowing any Flash app to perform actions on your users' behalf.

It is strongly advised to create a separate domain for your APIs (e.g.: api.ohloh.net) and not enable any cookies there.

Hope this helps,
Evert

Evert almost 17 years ago
 

Until we have time to properly implement Flash support for the Ohloh API in a secure way, we've decided to drop the crossdomain.xml file.

I hope this isn't a terrible disruption for anyone, but technically this is the only good option for us right now.

Robin Luckey almost 17 years ago
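
The check described in this thread, as an added example that is not part of the original posts or Ohloh's code: a small Python audit that parses a `crossdomain.xml` policy and flags unrestricted grants. Both sample policies and the `audit_crossdomain` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample policies for illustration (not the real ohloh.net file).
OPEN_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*" />
</cross-domain-policy>"""

SCOPED_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="widgets.example.org" />
  <allow-access-from domain="*.example.org" secure="false" />
  <allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>"""


def audit_crossdomain(xml_text):
    """Return (severity, message) findings for a Flash cross-domain policy.

    Uses the standard-library parser; for policy files fetched from
    untrusted hosts, a hardened parser such as defusedxml is preferable.
    """
    findings = []
    root = ET.fromstring(xml_text)
    for el in root.iter("allow-access-from"):
        domain = el.get("domain", "").strip()
        if domain == "*":
            # Any SWF, from any site, may send cookie-bearing requests
            # and read the responses (including anti-CSRF tokens).
            findings.append(("high", "allow-access-from grants every origin"))
        elif domain.startswith("*."):
            findings.append(("medium", f"wildcard subdomain grant: {domain}"))
        # secure defaults to true; false lets HTTP-served SWFs read HTTPS data.
        if el.get("secure", "true").strip().lower() == "false":
            findings.append(("medium", f"secure=false for {domain}"))
    for el in root.iter("allow-http-request-headers-from"):
        if el.get("domain", "").strip() == "*":
            findings.append(("medium", "any origin may set custom request headers"))
    return findings


if __name__ == "__main__":
    for name, policy in (("open", OPEN_POLICY), ("scoped", SCOPED_POLICY)):
        for severity, message in audit_crossdomain(policy):
            print(f"{name}: [{severity}] {message}")
```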