XSRF/CSRF protection


Guido van Rossum

Sep 26, 2009, 6:08:57 PM
to codereview-discuss
All,

I've just added protection against cross-site request forgery attacks
to Rietveld (r466 in SVN HEAD). I know a lot of people are running
their own copy of Rietveld -- you know who you are! I urge you to pick
up this fix to make your site safer.

For more info about XSRF/CSRF (the same thing by two different names),
read the Wikipedia article: http://en.wikipedia.org/wiki/XSRF

--
--Guido van Rossum (home page: http://www.python.org/~guido/)

Vincent Zanotti

Sep 28, 2009, 7:27:08 PM
to coderevie...@googlegroups.com
Hi,

> I've just added protection against cross-site request forgery attacks
> to Rietveld (r466 in SVN HEAD). I know a lot of people are running
> their own copy of Rietveld -- you know who you are! I urge you to pick
> up this fix to make your site safer.

Thanks Guido!
For your information, I have just updated the AppsLabs instance of Rietveld to the latest upstream revision (r468).

Cheers,
Vincent
 
> For more info about XSRF/CSRF (the same thing by two different names),
> read the Wikipedia article: http://en.wikipedia.org/wiki/XSRF
>
> --
> --Guido van Rossum (home page: http://www.python.org/~guido/)

--
Vincent Zanotti
Adsense Engineering - Google UK Limited

Registered Office: Belgrave House, 76 Buckingham Palace Road, London SW1W 9TQ
Registered in England Number: 3977902