Fixing CSRF exploits in Infrastructure

Toshio Kuratomi a.badger at gmail.com
Tue Nov 25 22:57:54 UTC 2008


Till Maas wrote:
> On Tue November 25 2008, Mike McGrath wrote:
> 
>> GET vs POST is an interesting discussion.  From a security point of view
>> though the only advantage is in how we log and that GET requests stay in
>> the logs.
> 
> There may be also some other issues, e.g. when GET requests are used to submit 
> confidential data, because then they may also be stored in the browsers 
> history. But my concern was not about security issues.
> 
>> Obviously though an authenticated web crawler could do accidently do some
>> serious damage.
> 
> It would not be necessarily be serious damage, but the browser's session 
> management could show annoying beheaviour, because then some requests could 
> be made everytime a user restores are browser session.
> 
For these issues we could either concentrate on fixing or mitigating
them.  Fixing them would require the laborious changes I talked about
earlier to change the way the framework already processes the POST and
GET parameters before they get to us.  Mitigation is easier -- we should
make it part of our best practices to never have links or GET driven
forms that make state changes when designing the UI and templates.

-Toshio

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-infrastructure-list/attachments/20081125/cd31154e/attachment.sig>


More information about the Fedora-infrastructure-list mailing list