Re: [SLUG] Probes of SLUG Site?

From: steve szmidt (steve@szmidt.org)
Date: Wed Apr 05 2006 - 00:50:23 EDT


On Wednesday 05 April 2006 00:31, steve szmidt wrote:
> On Wednesday 05 April 2006 00:16, Paul M Foster wrote:
> > I need someone more expert in security than me, perhaps someone at NKS,
> > since the SLUG site is hosted there. I'm seeing what appear to be
> > "probes" of the SLUG site. Someone is going to (for example) the
> > volunteer page, and filling out the form. A typical example is as
> > follows:
>
> Looks like a cross site request forgery.
>
> Since a browser does not know what to expect when it hits a web site it
> will collect what is being offered. They are trying to have your computer
> go to their website and pick up something. Possibly a root kit.
>
> If you use php make sure it has been locked down properly.

Eh, the common way to block this is to use a token in your form. Stick to
using POST which is safer than GET. Usually the above is accomplished with
java. By inserting a unique token for each session it becomes very hard to
sneak in.

This is one reason many commerce sites require cookies because with it they
can ensure only their own requests are being executed. You generate a unique
number, and then verify it when processing the form.

-- 

Steve Szmidt

"For evil to triumph all that is needed is for good men to do nothing." Edmund Burke

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked Knowledge Systems (NKS). Views and opinions expressed in messages posted are those of the author and do not necessarily reflect the official policy or position of NKS or any of its employees.
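The per-session token scheme Steve describes (generate a unique value, put it in the form, verify it when the POST is processed), as an added Python example that is not code from the list or from the SLUG site; the `/volunteer` form action, the `csrf_token` field name and the dict-backed session are assumptions.

```python
import hmac
import secrets

TOKEN_FIELD = "csrf_token"  # assumed hidden-field name


def issue_token(session: dict) -> str:
    """Create one unguessable token per session and keep it server-side.

    A forged request from another site cannot read this value, so it
    cannot include it in the form it submits on the victim's behalf."""
    token = session.get(TOKEN_FIELD)
    if token is None:
        token = secrets.token_urlsafe(32)
        session[TOKEN_FIELD] = token
    return token


def render_form(session: dict, action: str = "/volunteer") -> str:
    """Emit the form with the token as a hidden field (hypothetical action)."""
    token = issue_token(session)
    return (
        f'<form method="POST" action="{action}">\n'
        f'  <input type="hidden" name="{TOKEN_FIELD}" value="{token}">\n'
        '  <input type="text" name="name">\n'
        '  <input type="submit" value="Volunteer">\n'
        '</form>'
    )


def verify_submission(session: dict, method: str, form: dict) -> bool:
    """Accept only a POST whose token equals the session's stored token.

    Rejects GET so a state change cannot be triggered by a plain link or
    image tag, and uses a constant-time compare for the token check."""
    if method.upper() != "POST":
        return False
    expected = session.get(TOKEN_FIELD)
    submitted = form.get(TOKEN_FIELD, "")
    if not expected or not isinstance(submitted, str):
        return False
    return hmac.compare_digest(expected, submitted)


if __name__ == "__main__":
    session = {}                       # constructed stand-in for a cookie-bound session
    print(render_form(session))
    # Legitimate submission carries the token; a cross-site forgery does not.
    print(verify_submission(session, "POST", {TOKEN_FIELD: session[TOKEN_FIELD], "name": "Pat"}))
    print(verify_submission(session, "POST", {"name": "Pat"}))
```

Each session gets its own token, so a value captured from one session does not validate another.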



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:31:42 EDT