Hello,
There's a security problem in the current Alpha Auth Code:
    previous_url = cherrypy.request.headers.get("Referer", "/")

is used to determine which page requested the authentication.

Problem is: A foreign site could forward the unsuspecting user to this page, and then get the Auth Data returned for free, because the Referer points back to the Attacker's Site.
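One way to keep a post-login return target on the application's own site, shown as an added example that is not part of the original message or of TurboGears: the Referer value is reduced to a local path and anything pointing at another host falls back to "/". The function name `safe_return_path`, the `request_host` parameter and the sample host names are hypothetical.

```python
from urllib.parse import urlsplit

def safe_return_path(referer, request_host, default="/"):
    """Reduce a Referer value to a same-site path, or fall back to `default`.

    `request_host` is the Host header of the current request (assumption:
    the application is reached under that one host name).
    """
    if not referer:
        return default
    # Browsers read "\" as "/" and drop control characters; refuse both.
    if "\\" in referer or any(ord(c) < 0x20 or ord(c) == 0x7F for c in referer):
        return default
    try:
        parts = urlsplit(referer)
    except ValueError:              # malformed authority, e.g. "http://[bad"
        return default
    if parts.scheme:
        if parts.scheme not in ("http", "https"):
            return default
        # Exact match on the whole authority: userinfo tricks such as
        # "app.example@other.example" and look-alike suffixes both fail here.
        if parts.netloc.lower() != request_host.lower():
            return default
    elif parts.netloc:              # scheme-relative "//host/path"
        return default
    path = parts.path or "/"
    if not path.startswith("/") or path.startswith("//"):
        return default
    # Only path and query survive; the host is never copied into the target.
    return path + ("?" + parts.query if parts.query else "")

if __name__ == "__main__":
    host = "app.example"            # constructed sample values
    for ref in ("http://app.example/wiki/Page?rev=3",
                "http://attacker.example/collect",
                "http://app.example@attacker.example/",
                "//attacker.example/x",
                None):
        print(repr(ref), "->", safe_return_path(ref, host))
```

In a handler like the one quoted above, the result would replace the raw header value assigned to `previous_url`.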