
Re: Fixing CSRF exploits in Infrastructure



Till Maas wrote:
> On Tue November 25 2008, Toshio Kuratomi wrote:
> 
>> For these issues we could either concentrate on fixing or mitigating
>> them.  Fixing them would require the laborious changes I talked about
>> earlier to change the way the framework already processes the POST and
>> GET parameters before they get to us.
> 
> I guess it would be enough only to check whether the request is a POST-request 
> without checking where the variables come from. This is maybe available in 
> this variable: cherrypy.request.method
> 
The information is there, but it has to be checked.  So someone would
have to audit changes to see if a method now allows changes to be made
without having added an error condition if the request was made via GET
instead of POST.  This is more on-going work than tying the check to the
check for an authenticated user.

>> Mitigation is easier -- we should 
>> make it part of our best practices to never have links or GET driven
>> forms that make state changes when designing the UI and templates.
> 
> This is also needed, if you check for the request method, because otherwise 
> you would have broken links.
> 
Right.

-Toshio
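
An added example, not part of the original message or of the Fedora Infrastructure code: one way to tie the request-method check to the check for an authenticated user, so that a handler refuses anything but POST unless it is explicitly declared read-only. `Request`, `HTTPError`, `authenticated` and the two handlers are hypothetical stand-ins (the `method` field plays the role of `cherrypy.request.method`) so the sketch runs without CherryPy.

```python
# Added illustration; Request, HTTPError and the handler names are hypothetical
# stand-ins so the sketch runs without CherryPy installed.
from dataclasses import dataclass
from functools import wraps
from typing import Optional

class HTTPError(Exception):
    def __init__(self, status):
        super().__init__(status)
        self.status = status

@dataclass
class Request:
    method: str                  # plays the role of cherrypy.request.method
    user: Optional[str] = None   # None means the caller is not authenticated

def authenticated(read_only=False):
    """Authentication check that also enforces the request method.

    Handlers are assumed to change state unless declared read_only, so a
    handler added later cannot silently accept GET for a state change.
    """
    def decorate(handler):
        @wraps(handler)
        def wrapper(request, *args, **kwargs):
            if request.user is None:
                raise HTTPError(401)
            if not read_only and request.method != "POST":
                raise HTTPError(405)   # state change requested via GET, HEAD, ...
            return handler(request, *args, **kwargs)
        wrapper.read_only = read_only  # lets an audit list the explicit opt-outs
        return wrapper
    return decorate

@authenticated(read_only=True)
def view_profile(request):
    return "profile of " + request.user

@authenticated()
def change_email(request, new_email):
    return "email for %s set to %s" % (request.user, new_email)

def status_of(handler, request, *args):
    """Return the handler's result, or the HTTP status it was refused with."""
    try:
        return handler(request, *args)
    except HTTPError as err:
        return err.status
```

With the default set this way, the ongoing audit shrinks to reviewing the handlers marked `read_only=True`. Rejecting GET only removes link-driven state changes; a form on another site can still submit a POST.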
