Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.lang.python > #110110

Re: (repost) Advisory: HTTP Header Injection in Python urllib

From Random832 <random832@fastmail.com>
Newsgroups comp.lang.python
Subject Re: (repost) Advisory: HTTP Header Injection in Python urllib
Date 2016-06-18 13:28 -0400
Message-ID <mailman.119.1466270939.2288.python-list@python.org> (permalink)
References (1 earlier) <57649d22$0$1603$c3e8da3$5496439d@news.astraweb.com> <1466221941.3662846.641269641.7FFA59B4@webmail.messagingengine.com> <mailman.112.1466221943.2288.python-list@python.org> <576570a4$0$1607$c3e8da3$5496439d@news.astraweb.com> <1466270936.1206591.641594473.5759A310@webmail.messagingengine.com>

Show all headers | View raw


On Sat, Jun 18, 2016, at 12:02, Steven D'Aprano wrote:
> Er, you may have missed that I'm talking about a single user setup.
> Are you suggesting that I can't trust myself not to forge a request
> that goes to a hostile site?
>
> It's all well and good to say that the application is vulnerable to
> X-site attacks, but how does that relate to a system where I'm the
> only user?

I don't think you understand what cross-site request forgery is, unless
your definition of "single user setup" includes not connecting to the
internet at all. The point is that one site causes the client to send a
request (not desired by the user) to another site. That the client is a
single-user system makes no difference.

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread


Thread

(repost) Advisory: HTTP Header Injection in Python urllib Paul Rubin <no.email@nospam.invalid> - 2016-06-17 11:49 -0700
  Re: (repost) Advisory: HTTP Header Injection in Python urllib Steven D'Aprano <steve@pearwood.info> - 2016-06-18 11:00 +1000
    Re: (repost) Advisory: HTTP Header Injection in Python urllib Random832 <random832@fastmail.com> - 2016-06-17 23:52 -0400
      Re: (repost) Advisory: HTTP Header Injection in Python urllib Steven D'Aprano <steve@pearwood.info> - 2016-06-19 02:02 +1000
        Re: (repost) Advisory: HTTP Header Injection in Python urllib alister <alister.ware@ntlworld.com> - 2016-06-18 16:38 +0000
        Re: (repost) Advisory: HTTP Header Injection in Python urllib Random832 <random832@fastmail.com> - 2016-06-18 13:28 -0400
          Re: (repost) Advisory: HTTP Header Injection in Python urllib Steven D'Aprano <steve@pearwood.info> - 2016-06-22 01:27 +1000
            Re: (repost) Advisory: HTTP Header Injection in Python urllib Jon Ribbens <jon+usenet@unequivocal.co.uk> - 2016-06-21 16:09 +0000
        Re: (repost) Advisory: HTTP Header Injection in Python urllib Paul Rubin <no.email@nospam.invalid> - 2016-06-18 13:43 -0700
    Re: (repost) Advisory: HTTP Header Injection in Python urllib Marko Rauhamaa <marko@pacujo.net> - 2016-06-18 11:35 +0300

csiph-web