On Tue, Mar 11, 2008 at 03:39:22PM +0100, Plüm, Rüdiger, VF-Group wrote: > > It occurred to me recently that it is relatively simple to prevent > > "CSRF" attacks against the balancer-handler (see CVE-2007-6420), by > > generating a "secret" nonce at startup and requiring the presence of > > that secret in the submitted parameters. > > > > Any objections? > > Just that I understand this correctly: The GET requests that actually do > some configuration changes via the balancer manager become invalid as > soon as httpd is restarted (gracefull restart is not sufficient, correct?). > As long as httpd keeps running the GET requests remain valid and can be > reused.
Correct. If you submit a form making some balancer config changes, and httpd has been through a full stop/start since the form was loaded into the browser, the changes will be ignored. (You could perhaps argue that this is a good thing anyway, since the balancer config may have changed completely in the restart?) joe
