Fixing CSRF exploits in Infrastructure
Toshio Kuratomi
a.badger at gmail.com
Wed Nov 26 00:39:59 UTC 2008
Till Maas wrote:
> On Tue November 25 2008, Toshio Kuratomi wrote:
>
>> For these issues we could either concentrate on fixing or mitigating
>> them. Fixing them would require the laborious changes I talked about
>> earlier to change the way the framework already processes the POST and
>> GET parameters before they get to us.
>
> I guess it would be enough only to check whether the request is a POST-request
> without checking where the variables come from. This is maybe available in
> this variable: cherrypy.request.method
>
The information is there, but it has to be checked. So someone would
have to audit changes to see if a method now allows changes to be made
without having added an error condition if the request was made via GET
instead of POST. This is more on-going work than tying the check to the
check for an authenticated user.
>> Mitigation is easier -- we should
>> make it part of our best practices to never have links or GET driven
>> forms that make state changes when designing the UI and templates.
>
> This is also needed, if you check for the request method, because otherwise
> you would have broken links.
>
Right.
-Toshio
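A framework-agnostic sketch of the approach discussed above, added here as an example and not code from the Fedora Infrastructure project: one decorator performs the authenticated-user check and, in the same place, refuses state changes on anything but POST, so an audit only has to confirm that a handler carries the decorator, while read-only handlers keep working from plain links. The Request class stands in for cherrypy.request; its .user attribute and the package data are constructed assumptions.

```python
from functools import wraps


class Forbidden(Exception):
    """Raised when a request fails the combined auth/method check."""


class Request:
    """Constructed stand-in for cherrypy.request: HTTP method plus identity."""

    def __init__(self, method, user=None):
        self.method = method.upper()  # cherrypy.request.method is upper-case
        self.user = user              # assumed: None when not authenticated


def state_change(handler):
    """Single checkpoint for every handler that modifies state.

    A reviewer auditing a new handler only needs to confirm it carries this
    decorator; the method check is not a separate thing to remember.
    """
    @wraps(handler)
    def wrapper(request, *args, **kwargs):
        # 1. identity check: anonymous requests never change state
        if request.user is None:
            raise Forbidden("authentication required")
        # 2. method check: a browser can be made to issue a GET on a victim's
        #    behalf (link, img tag), so state changes are honoured only on
        #    POST, regardless of where the parameters were parsed from.
        if request.method != "POST":
            raise Forbidden("state changes require POST, got %s" % request.method)
        return handler(request, *args, **kwargs)
    return wrapper


# Constructed sample data and handlers
PACKAGES = {"foo": {"owner": "alice"}}


@state_change
def set_owner(request, pkg, owner):
    PACKAGES[pkg]["owner"] = owner
    return PACKAGES[pkg]["owner"]


def get_owner(request, pkg):
    # read-only: GET links to this handler stay valid
    return PACKAGES[pkg]["owner"]


def try_request(handler, request, *args):
    """Return (allowed, result) so the caller can see what the check decided."""
    try:
        return True, handler(request, *args)
    except Forbidden as exc:
        return False, str(exc)
```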