Fixing CSRF exploits in Infrastructure

Toshio Kuratomi a.badger at
Wed Nov 26 00:39:59 UTC 2008

Till Maas wrote:
> On Tue November 25 2008, Toshio Kuratomi wrote:
>> For these issues we could either concentrate on fixing or mitigating
>> them.  Fixing them would require the laborious changes I talked about
>> earlier to change the way the framework already processes the POST and
>> GET parameters before they get to us.
> I guess it would be enough only to check whether the request is a POST-request 
> without checking where the variables come from. This is maybe available in 
> this variable: cherrypy.request.method
The information is there.  but it has to be checked.  So  someone would
have to audit changes to see if a method now allows changes to be made
without having added an error condition if the request was made via GET
instead of POST.  This is more on-going work than tying the check to the
check for an authenticated user.

>> Mitigation is easier -- we should 
>> make it part of our best practices to never have links or GET driven
>> forms that make state changes when designing the UI and templates.
> This is also needed, if you check for the request method, because otherwise 
> you would have broken links.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
Url : 

More information about the infrastructure mailing list