Preventing the sausage attack UPDATED

Jun 11, 2004 18:08

Update: note for new readers

I probably can't answer your questions about the attack. If bad things have happened to your journal, as a result of this attack or otherwise, please file a support request.

If you got bitten by a new attack on LJ that's recently become popular, and someone directed you here for more information, I'm sorry but you've ( Read more... )


wechsler June 11 2004, 12:13:02 UTC
Would I be right in assuming that this attack can work against *any* site that uses cookies for user auth?


mivlad June 11 2004, 12:41:09 UTC
Yes, it will work against most of them. And it would be much easier to cope with if the Referer field were mandatory (at least on the same domain).


deliberateblank June 12 2004, 18:24:58 UTC
The referrer field comes from the client. It's a useful guideline in many situations, but it can't be absolutely trusted by the server under any circumstances. (Apart from those where the client is absolutely trusted, which doesn't apply on the internet.)


Re: Reply to your comment... mivlad June 13 2004, 01:50:59 UTC
JavaScript that submits a form can't forge the referer, so in this case it can be trusted.


fxl June 12 2004, 15:26:25 UTC
Yes. In fact, as a part of my day job, I create pages like this all day long for legitimate reasons.

Much of the time it is used if a user accidentally closes their browser in the middle of a shopping cart order. A page that replicates the site's own forms gives the user the opportunity to rescue their browsing session and associated session cookies, and finish the order.

So, this can be a feature, as well as an 'attack'.

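The same-host Referer check debated in the thread above, sketched as an added example that is not part of any comment or of LiveJournal's code. The host name `journal.example`, the function names and the sample requests are constructed assumptions; `require_referer` models the "mandatory Referer" policy, under which a state-changing request with no Referer is refused.

```python
from urllib.parse import urlsplit

SITE_HOST = "journal.example"            # constructed host name, not a real site
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def referer_host(headers):
    """Return the host named in the Referer header, or None if absent or unusable."""
    value = headers.get("Referer", "").strip()
    if not value:
        return None
    try:
        parts = urlsplit(value)
    except ValueError:                   # malformed URL, e.g. a broken IPv6 literal
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname                # already lower-cased by urlsplit


def allow_request(method, headers, require_referer=True):
    """Decide whether a cookie-authenticated request may change state."""
    if method.upper() in SAFE_METHODS:
        return True                      # reads are not gated by this check
    host = referer_host(headers)
    if host is None:
        # Missing Referer: refused when the header is treated as mandatory.
        return not require_referer
    # Exact host comparison; prefix or substring matching would accept
    # look-alike hosts such as journal.example.evil.example.
    return host == SITE_HOST


# Constructed sample requests: (label, method, headers)
SAMPLES = [
    ("own form", "POST", {"Referer": "http://journal.example/update"}),
    ("foreign page", "POST", {"Referer": "http://evil.example/page.html"}),
    ("look-alike host", "POST", {"Referer": "http://journal.example.evil.example/x"}),
    ("userinfo trick", "POST", {"Referer": "http://journal.example@evil.example/x"}),
    ("no Referer", "POST", {}),
]

if __name__ == "__main__":
    for label, method, headers in SAMPLES:
        strict = allow_request(method, headers)
        lenient = allow_request(method, headers, require_referer=False)
        print(f"{label:16} strict={strict} lenient={lenient}")
```

Only the "no Referer" row differs between the strict and lenient policies.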

