Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #110112
| Path | csiph.com!news.swapon.de!eternal-september.org!feeder.eternal-september.org!mx02.eternal-september.org!.POSTED!not-for-mail |
|---|---|
| From | Paul Rubin <no.email@nospam.invalid> |
| Newsgroups | comp.lang.python |
| Subject | Re: (repost) Advisory: HTTP Header Injection in Python urllib |
| Date | Sat, 18 Jun 2016 13:43:11 -0700 |
| Organization | A noiseless patient Spider |
| Lines | 10 |
| Message-ID | <877fdm9qjk.fsf@jester.gateway.pace.com> (permalink) |
| References | <87shwbmz0l.fsf@nightsong.com> <57649d22$0$1603$c3e8da3$5496439d@news.astraweb.com> <1466221941.3662846.641269641.7FFA59B4@webmail.messagingengine.com> <mailman.112.1466221943.2288.python-list@python.org> <576570a4$0$1607$c3e8da3$5496439d@news.astraweb.com> |
| Mime-Version | 1.0 |
| Content-Type | text/plain |
| Injection-Info | mx02.eternal-september.org; posting-host="a4ba9f006d4fba7a97cec7431fc63985"; logging-data="21533"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19vRb0IeEfpSmU6ZUyx19ns" |
| User-Agent | Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux) |
| Cancel-Lock | sha1:Z+wz/JCrz8lWokAic6go658Repc= sha1:WUM1IGpH5JVZqi3UudpnymJcpvI= |
| Xref | csiph.com comp.lang.python:110112 |
Show key headers only | View raw
Steven D'Aprano <steve@pearwood.info> writes: >> The issue ... is cross-site request forgery. > Er, you may have missed that I'm talking about a single user setup. Are you > suggesting that I can't trust myself not to forge a request that goes to a > hostile site? I think the idea is you visit some website with malicious script that accesses your localhost resources from your browser. So it's not a matter of trusting yourself. Rather, it's one of trusting every website you visit, including the ad servers they transclude, etc.
Back to comp.lang.python | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread
(repost) Advisory: HTTP Header Injection in Python urllib Paul Rubin <no.email@nospam.invalid> - 2016-06-17 11:49 -0700
Re: (repost) Advisory: HTTP Header Injection in Python urllib Steven D'Aprano <steve@pearwood.info> - 2016-06-18 11:00 +1000
Re: (repost) Advisory: HTTP Header Injection in Python urllib Random832 <random832@fastmail.com> - 2016-06-17 23:52 -0400
Re: (repost) Advisory: HTTP Header Injection in Python urllib Steven D'Aprano <steve@pearwood.info> - 2016-06-19 02:02 +1000
Re: (repost) Advisory: HTTP Header Injection in Python urllib alister <alister.ware@ntlworld.com> - 2016-06-18 16:38 +0000
Re: (repost) Advisory: HTTP Header Injection in Python urllib Random832 <random832@fastmail.com> - 2016-06-18 13:28 -0400
Re: (repost) Advisory: HTTP Header Injection in Python urllib Steven D'Aprano <steve@pearwood.info> - 2016-06-22 01:27 +1000
Re: (repost) Advisory: HTTP Header Injection in Python urllib Jon Ribbens <jon+usenet@unequivocal.co.uk> - 2016-06-21 16:09 +0000
Re: (repost) Advisory: HTTP Header Injection in Python urllib Paul Rubin <no.email@nospam.invalid> - 2016-06-18 13:43 -0700
Re: (repost) Advisory: HTTP Header Injection in Python urllib Marko Rauhamaa <marko@pacujo.net> - 2016-06-18 11:35 +0300
csiph-web