Tag: CSRF

Your mailbox table deserves better than raw SQL at 02:00. ViMbAdmin — modernised for PHP 8.5 — manages Postfix + Dovecot virtual domains, mailboxes and aliases via web UI or JSON-RPC API, with TOTP, brute-force protection and a hardened Docker image.

BREACH is a compression side-channel attack that can leak CSRF tokens and other secrets over HTTPS. Here is how the BREACH attack works, why padding is weak protection, and how to prevent it properly.