[vlc-devel] [PATCH 0/2] mitigate CSRF and DNS rebinding attacks on httpd server.
Rémi Denis-Courmont
remi at remlab.net
Wed Jan 31 19:17:55 CET 2018
Le keskiviikkona 31. tammikuuta 2018, 20.16.01 EET Rémi Denis-Courmont a écrit
:
> Le keskiviikkona 31. tammikuuta 2018, 19.38.00 EET Pierre Lamot a écrit :
> > This series aim to mitigate CSRF and DNS rebinding attacks against the
> > http
> > interface.
>
> That is a very reall problem, but nevertheless this seems to me like putting
> the cart before the horses.
real
>
> First, enforce POST for all non-indempotent requests. Then, you can think
> about "newer" attacks like CSRF.
non-idempotent
--
雷米‧德尼-库尔蒙
https://www.remlab.net/
More information about the vlc-devel
mailing list