validate CSRF token (Check length)
| Reported by: | jedie | Owned by: | raulcd |
| Cc: | | Triage Stage: | Ready for checkin |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | yes | Patch needs improvement: | no |
I wonder that the CSRF token sent from the client isn't validated.
Don't know if a DoS attack is possible by sending many requests with very long CSRF tokens?
IMHO it's a good idea to check the length before doing anything with it.
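A sketch of the length-first check the report proposes, added here as an illustration; it is not the ticket's patch or Django's own code. `TOKEN_LENGTH`, `ALLOWED`, `validate_csrf_token` and the sample values are assumptions made for the example.

```python
import hmac
import string

# Assumed values for illustration; not taken from the ticket or from Django.
TOKEN_LENGTH = 32
ALLOWED = frozenset(string.ascii_letters + string.digits)


def validate_csrf_token(submitted, expected):
    """Return (ok, reason), running the cheapest checks first so an
    oversized value is rejected before any per-character work."""
    if not isinstance(submitted, str):
        return False, "missing"
    # len() on a str is O(1): a multi-megabyte value costs nothing here.
    if len(submitted) != TOKEN_LENGTH:
        return False, "bad length"
    # Bounded work: at most TOKEN_LENGTH characters are inspected.
    if not ALLOWED.issuperset(submitted):
        return False, "bad characters"
    # Constant-time comparison; both sides are now equal-length ASCII.
    if not hmac.compare_digest(submitted, expected):
        return False, "mismatch"
    return True, "ok"


def classify(samples, expected):
    """Map each sample name to the reason returned by the validator."""
    return {name: validate_csrf_token(value, expected)[1]
            for name, value in samples.items()}


# Constructed sample inputs, not real tokens.
EXPECTED = "a1B2c3D4" * 4
SAMPLES = {
    "valid": EXPECTED,
    "absent": None,
    "oversized": "A" * 5_000_000,
    "short": "abc",
    "markup": "<" * TOKEN_LENGTH,
    "non_ascii": "\u00e9" * TOKEN_LENGTH,
    "wrong": "z" * TOKEN_LENGTH,
}

if __name__ == "__main__":
    for name, reason in classify(SAMPLES, EXPECTED).items():
        print(f"{name:10s} -> {reason}")
```
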
Change History (8)
comment:1 Changed 5 years ago by jedie
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
comment:2 Changed 5 years ago by tinodb
- Component changed from Uncategorized to contrib.csrf
- Needs tests set
- Triage Stage changed from Unreviewed to Accepted
comment:3 Changed 5 years ago by raulcd
- Owner changed from nobody to raulcd
- Status changed from new to assigned