Hi Paul,
You're right. The way this is working leaves the door open for easy
phishing. I'm surprised that no one noticed that before now.
If the code specifically posted the username and password to a URL on
the local site and then redirected to the original location with the
original parameters (setting a cookie on the way out), that would
solve that problem.
Kevin
On 3/20/06, Paul Boehm <[EMAIL PROTECTED]> wrote:
>
> Hello,
>
> There's a security problem in the current Alpha Auth Code:
>
> previous_url= cherrypy.request.headers.get("Referer", "/")
>
> is used to determine which page requested the authentication
>
> Problem is: A foreign site could forward the unsuspecting user to this
> page, and then get the
> Auth Data returned for free, because the Referer points back to the
> Attacker's Site.
>
--
Kevin Dangoor
Author of the Zesty News RSS newsreader
email: [EMAIL PROTECTED]
company: http://www.BlazingThings.com
blog: http://www.BlueSkyOnMars.com
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"TurboGears" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/turbogears
-~----------~----~----~----~------~----~------~--~---
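An added example, not code from the TurboGears project or from either poster, showing the two halves of the thread: the Referer line Paul quotes, taken as-is, lets any site that forwarded the user choose where the browser (and whatever rides along with it) goes after login, while Kevin's proposal keeps credentials on a local POST, carries the session in a cookie, and redirects only to a same-site location with its original query string. The hostname, the sample credentials, the in-memory session table and the plain dicts standing in for CherryPy's request headers and form are all constructed for the example; the page does not show how the alpha code actually handed the auth data back, so the example covers only the return-URL check and the cookie-based session.

```python
"""Return-URL validation for a post-login redirect (added example).

Plain dicts stand in for the request form and headers so this runs
without CherryPy.  Everything named below is constructed for the
example, not taken from TurboGears.
"""
import secrets
from urllib.parse import urlsplit, urlunsplit

SITE_HOST = "app.example.org"                       # assumed local hostname
USERS = {"alice": "correct horse battery staple"}   # constructed credentials
SESSIONS = {}                                       # token -> username (in memory)


def unsafe_return_url(headers):
    """The pattern from the thread: whatever the Referer says, we go there."""
    return headers.get("Referer", "/")


def local_return_url(candidate, default="/", site_host=SITE_HOST):
    """Reduce a caller-supplied URL (e.g. the Referer) to a same-site path.

    Accepts a path starting with a single '/' or an absolute http(s) URL
    whose host is exactly `site_host`.  Everything else falls back to
    `default`: foreign hosts, protocol-relative '//host', userinfo tricks
    such as 'http://site@evil', non-http schemes, paths beginning with
    '//' (urlsplit leaves '////evil' as path '//evil'), and backslashes,
    which some browsers treat like forward slashes.
    """
    if not candidate or "\\" in candidate:
        return default
    parts = urlsplit(candidate)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return default
    if parts.netloc and parts.netloc.lower() != site_host:
        return default
    if not parts.path.startswith("/") or parts.path.startswith("//"):
        return default
    # Keep the path and the original parameters; drop scheme, host, fragment.
    return urlunsplit(("", "", parts.path, parts.query, ""))


def login(form, headers):
    """Credentials are POSTed to this local URL; on success the session
    goes into a cookie and the browser is sent back to a vetted local
    location.  A foreign Referer therefore yields nothing: the redirect
    target is forced onto this site and the cookie never leaves it.

    Returns a dict describing the response (status, Location, Set-Cookie).
    """
    user = form.get("username", "")
    if USERS.get(user) != form.get("password"):
        return {"status": 401, "location": None, "set_cookie": None}

    token = secrets.token_urlsafe(32)
    SESSIONS[token] = user

    # Prefer a hidden form field captured when the login page was shown;
    # fall back to the Referer.  Both go through the same check.
    target = local_return_url(form.get("forward_url") or headers.get("Referer"))
    return {
        "status": 302,
        "location": target,
        "set_cookie": f"session={token}; Path=/; HttpOnly; Secure; SameSite=Lax",
    }


if __name__ == "__main__":
    evil = {"Referer": "http://evil.example/landing"}
    print("unsafe:", unsafe_return_url(evil))               # goes off-site
    print("checked:", local_return_url(evil["Referer"]))     # stays on '/'
    ok = login({"username": "alice",
                "password": "correct horse battery staple",
                "forward_url": "http://app.example.org/reports?q=1#top"}, evil)
    print(ok["status"], ok["location"])                      # 302 /reports?q=1
```

The check is deliberately strict about the host (no port, no userinfo, exact match) and about the path's first two characters; loosening either is how open redirects usually creep back in. The `Secure` and `SameSite` cookie attributes are not on the page and simply reflect current practice for a session cookie.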