Suggestions for the future on your web site: (was cookies, and before that Re: Dreamhost hijacking my prefix...)
.
oscar.vives at gmail.com
Mon Jan 21 08:56:29 UTC 2013
On 21 January 2013 09:26, . <oscar.vives at gmail.com> wrote:
> On 21 January 2013 07:19, Matt Palmer <mpalmer at hezmatt.org> wrote:
> ...
>>> If the form is submitted without the correct POST value, if their IP
>>> address changed, or after too many seconds since the timestamp,
>>> then redisplay the form to the user, with a request for them to
>>> visually inspect and confirm the submission.
>>
>> Which is decidedly more user-friendly than most people implement, but
>> suffers from the problem that some subset of your userbase is going to be
>> using a connection that doesn't have a stable IP address, and it won't take
>> too many random "please re-confirm the form submission you made" requests
>> before the user gives your site the finger and goes to find something better
>> to do.
>>
>
> You want to stop the CSRF problem, but you want to support a user
> making the login in a IP, and submiting a "delete account" button *the
> next second* from a different IP. then you want this solution to be
> better cost effective than cookies.
>
> Maybe ask the user his password.
>
> <form method="post">
> <input type="hidden" name="id_user" value="33">
> <input type="hidden" name="action" value="delete_user">
> <input type="submit" value="Delete user">
> <p>For this action you must provide the password. </p>
> <input type="password" name="password" value="">
> </from>
>
> Even if this request come from a IP in china, you can allow it.
So this solution can be read has:
- Do nothing to avoid CSRF.
- Except for destructive actions, where you ask for the password.
--
--
ℱin del ℳensaje.
More information about the NANOG
mailing list