Hello

On 13.12.21 at 12:09, Sebastian Hagedorn wrote:
> Hi,
>
> thanks for the recent security fixes regarding potential CSRF attacks! I
> checked our mischief logs for relevant messages today and the only one I
> found was this:
>
> Nov 24 19:33:24 2021 (117276) Form for user x...@smail.uni-koeln.de
> submitted with CSRF token issued for x...@smail.uni-koeln.de.
>
> The only difference is in the case of the email address. I’m no expert
> on CSRF attacks, but to me it seems as though the comparison should
> perhaps disregard differences in case only?
>
As the local part of an email address can be case sensitive, this should
only be case insensitive for the domain part.

Kind regards,
Christian Mack

-- 
Christian Mack
Mailinglisten-Administration
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung IT-Dienste Forschung & Lehre
78457 Konstanz, Deutschland
++49 7531 88 4416

------------------------------------------------------
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
    https://mail.python.org/archives/list/mailman-users@python.org/
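
The comparison suggested in the reply above, sketched as an added example that is not part of the original thread and is not Mailman's code: a user-bound CSRF token check that folds case in the domain only. The token layout, `SECRET`, all function names and the example.org addresses are assumptions constructed for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # placeholder for this example only


def canonical_address(addr):
    """Lowercase the domain only; the local part may be case sensitive."""
    local, sep, domain = addr.strip().rpartition("@")
    if not (sep and local and domain):
        raise ValueError("not an address: %r" % addr)
    return local + "@" + domain.lower()


def _mac(issued, user):
    msg = (issued + ":" + user).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(user, now=None):
    """Assumed layout 'issued:user:mac', bound to one canonical address."""
    issued = str(int(time.time() if now is None else now))
    user = canonical_address(user)
    return ":".join((issued, user, _mac(issued, user)))


def check_token(token, form_user, lifetime=3600, now=None):
    """Return (ok, reason) for a form submitted on behalf of form_user."""
    try:
        issued, rest = token.split(":", 1)
        token_user, mac = rest.rsplit(":", 1)
        age = (time.time() if now is None else now) - int(issued)
        form_user = canonical_address(form_user)
    except ValueError:
        return False, "malformed"
    if not hmac.compare_digest(mac.encode(), _mac(issued, token_user).encode()):
        return False, "bad signature"
    if not 0 <= age <= lifetime:
        return False, "expired"
    if form_user != token_user:  # exact local part, case-folded domain
        return False, "issued for " + token_user
    return True, "ok"


# Constructed addresses: domain case differs, then local-part case differs.
tok = issue_token("Jane.Doe@Example.ORG", now=1000)
print(check_token(tok, "Jane.Doe@example.org", now=1010))
print(check_token(tok, "jane.doe@example.org", now=1010))
```

A site whose mail system is known to treat local parts case-insensitively could fold the whole address instead; that is a local policy choice, not something the address syntax guarantees.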