#16827: validate CSRF token (Check length)
-------------------+-------------------------------
Reporter: jedie | Owner: nobody
Type: Bug | Status: new
Milestone: | Component: Uncategorized
Version: 1.3 | Severity: Normal
Keywords: | Triage Stage: Unreviewed
Has patch: 1 | Easy pickings: 1
UI/UX: 0 |
-------------------+-------------------------------
I wonder that the CSRF token sent from the client isn't validated.
Don't know if a DoS attack is possible by sending many requests with very
long CSRF tokens?
IMHO it's a good idea to check the length before doing anything with it.
See also: https://groups.google.com/group/django-developers/browse_thread/thread/9fc008d2a3735bc2
--
Ticket URL: <https://code.djangoproject.com/ticket/16827>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
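The length check the ticket proposes, as an added sketch that is not Django's code and not the patch attached to the ticket. The 32-character alphanumeric token format and the names sanitize_token and token_is_valid are assumptions made for this example.

```python
import hmac
import re

# Assumed token format for this sketch: exactly 32 ASCII letters/digits.
TOKEN_LENGTH = 32
_TOKEN_RE = re.compile(r"[A-Za-z0-9]+")


def sanitize_token(raw):
    """Return the client-supplied token if it is well-formed, else None.

    The length test comes first and costs O(1), so an oversized value is
    dropped before any regex matching, hashing or comparison touches it.
    """
    if not isinstance(raw, str):
        return None
    if len(raw) != TOKEN_LENGTH:
        return None
    if _TOKEN_RE.fullmatch(raw) is None:
        return None
    return raw


def token_is_valid(client_value, expected):
    """Check a submitted token against the expected one (hypothetical helper)."""
    token = sanitize_token(client_value)
    if token is None:
        return False
    # Constant-time comparison of two equal-length ASCII strings.
    return hmac.compare_digest(token.encode("ascii"), expected.encode("ascii"))


# Constructed sample values, not real tokens.
EXPECTED = "a" * 16 + "B" * 8 + "0" * 8
SAMPLES = {
    "match": EXPECTED,
    "wrong": "z" * 32,
    "oversized": "a" * 1_000_000,
    "bad chars": "<" * 32,
    "missing": None,
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(label, token_is_valid(value, EXPECTED))
```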