Fixing CSRF exploits in Infrastructure
Toshio Kuratomi
a.badger at gmail.com
Tue Nov 25 22:57:54 UTC 2008
Till Maas wrote:
> On Tue November 25 2008, Mike McGrath wrote:
>
>> GET vs POST is an interesting discussion. From a security point of view
>> though the only advantage is in how we log and that GET requests stay in
>> the logs.
>
> There may be also some other issues, e.g. when GET requests are used to submit
> confidential data, because then they may also be stored in the browsers
> history. But my concern was not about security issues.
>
>> Obviously though an authenticated web crawler could do accidently do some
>> serious damage.
>
> It would not be necessarily be serious damage, but the browser's session
> management could show annoying beheaviour, because then some requests could
> be made everytime a user restores are browser session.
>
For these issues we could either concentrate on fixing or mitigating
them. Fixing them would require the laborious changes I talked about
earlier to change the way the framework already processes the POST and
GET parameters before they get to us. Mitigation is easier -- we should
make it part of our best practices to never have links or GET driven
forms that make state changes when designing the UI and templates.
-Toshio
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-infrastructure-list/attachments/20081125/cd31154e/attachment.sig>
More information about the Fedora-infrastructure-list
mailing list