[{"user_id": 4219, "stars": [], "topic_id": 4660, "date_created": 1297570379.9951711, "message": "I'm guessing it was a .js based issue?", "group_id": 81, "id": 88213}, {"user_id": 1, "stars": [{"date_created": 1297593364.0919421, "user_id": 7512}], "topic_id": 4660, "date_created": 1297570658.4797571, "message": "https://grepular.com/Case_Study_Multiple_Convore_Security_Privacy_Problems", "group_id": 81, "id": 88216}, {"user_id": 5029, "stars": [], "topic_id": 4660, "date_created": 1297580756.5726349, "message": "Does that mean that you are not using this decorator ?", "group_id": 81, "id": 88594}, {"user_id": 214, "stars": [], "topic_id": 4660, "date_created": 1297582039.0913141, "message": "Too easy to set up a fake version of the login page and start harvesting passwords.", "group_id": 81, "id": 88687}, {"user_id": 5029, "stars": [], "topic_id": 4660, "date_created": 1297580777.696116, "message": "My question is in fact : is this security problem present on all django sites ?", "group_id": 81, "id": 88595}, {"user_id": 5029, "stars": [], "topic_id": 4660, "date_created": 1297580660.314826, "message": "https://convore.com/login/?next=https://grepular.com/", "group_id": 81, "id": 88580}, {"user_id": 5029, "stars": [], "topic_id": 4660, "date_created": 1297580659.7478139, "message": "Very interesting read. I have a question about the security problem using the redirect after login :", "group_id": 81, "id": 88579}, {"user_id": 1, "stars": [], "topic_id": 4660, "date_created": 1297580834.783179, "message": "@madewulf I'm not sure, I'm not using Django's decorator. I think it's possible it's a vulnerability. 
In this case I think it's one of those things where reasonable people disagree on what's a feature and what's a vulnerability.", "group_id": 81, "id": 88601}, {"user_id": 1, "stars": [], "topic_id": 4660, "date_created": 1297581980.799619, "message": "I have a bad case of NIH", "group_id": 81, "id": 88677}, {"user_id": 214, "stars": [], "topic_id": 4660, "date_created": 1297582121.4105561, "message": "(But you guys fixed that, at least according to the grepular page.)", "group_id": 81, "id": 88700}, {"user_id": 1, "stars": [], "topic_id": 4660, "date_created": 1297580845.488152, "message": "But I don't claim to be a security expert, so I'm not sure.", "group_id": 81, "id": 88603}, {"user_id": 214, "stars": [{"date_created": 1297581950.2101359, "user_id": 1}], "topic_id": 4660, "date_created": 1297581939.2067511, "message": "Django's login_required is not vulnerable because it calls urlparse.urlparse on the redirect_to, and refuses to use it if its a redirect to a different host.", "group_id": 81, "id": 88674}, {"user_id": 5029, "stars": [{"date_created": 1297580920.9444981, "user_id": 1}], "topic_id": 4660, "date_created": 1297580898.2653241, "message": "In my first test, it does not work with django login_required.", "group_id": 81, "id": 88605}, {"user_id": 1, "stars": [], "topic_id": 4660, "date_created": 1297580953.1078801, "message": "Thanks, @madewulf :)", "group_id": 81, "id": 88610}, {"user_id": 1, "stars": [], "topic_id": 4660, "date_created": 1297580740.9447291, "message": "@madewulf Yeah?", "group_id": 81, "id": 88592}, {"user_id": 214, "stars": [], "topic_id": 4660, "date_created": 1297581953.9335301, "message": "(And urlparse handles scheme-relative URLs correctly).", "group_id": 81, "id": 88675}, {"user_id": 214, "stars": [], "topic_id": 4660, "date_created": 1297582016.4483509, "message": "A login-redirect that's vulnerable to remote redirection is not in that category, IMO.", "group_id": 81, "id": 88681}, {"user_id": 5029, "stars": [], "topic_id": 
4660, "date_created": 1297580721.470453, "message": "It does not seem to happen on my django sites, with the login_required decorator", "group_id": 81, "id": 88591}, {"user_id": 1, "stars": [], "topic_id": 4660, "date_created": 1297582016.298882, "message": "@carljm Yeah, some of that stuff I didn't fix", "group_id": 81, "id": 88680}, {"user_id": 1, "stars": [], "topic_id": 4660, "date_created": 1297582206.231117, "message": "@carljm Yeah, we definitely did.", "group_id": 81, "id": 88708}, {"user_id": 5029, "stars": [], "topic_id": 4660, "date_created": 1297580914.536006, "message": "Which is a good news ;-)", "group_id": 81, "id": 88606}, {"user_id": 5029, "stars": [], "topic_id": 4660, "date_created": 1297580943.5012989, "message": "Nice site btw.", "group_id": 81, "id": 88609}, {"user_id": 1, "stars": [], "topic_id": 4660, "date_created": 1297581974.5410781, "message": "Then it's probably a lesson in avoiding NIH :)", "group_id": 81, "id": 88676}, {"user_id": 214, "stars": [], "topic_id": 4660, "date_created": 1297581997.3753991, "message": "@ericflo I would say some of the stuff about detecting if a user is logged in to convore is \"reasonable people could disagree.\"", "group_id": 81, "id": 88678}, {"user_id": 5, "stars": [{"date_created": 1297588889.60057, "user_id": 1}], "topic_id": 4660, "date_created": 1297588429.573266, "message": "Nice that all this was caught early. You guys got a free security audit. :)", "group_id": 81, "id": 89180}] |