On Thursday, February 10, 2011 4:48:05 PM UTC, Brian Craft wrote:
>
> I'll have to look at this in more detail, but two notes, off-the-top.
>
> First, port 80 is kept open because the browser will try port 80 if
> the user types in the url without the protocol. On port 80 all we do
> is issue a redirect to https, but the client will have spilled the
> cookies by then.
>
> Second, the most like scenario for this to happen is with a wireless
> MITM. E.g. an attacker sits in, or near a coffee shop, or office, with
> a laptop setup as an AP, trolling for connections from unsuspecting
> users. If anyone connects, the laptop can be used as a MITM. So, for
> example, when the user types the url and hits port 80, the MITM can
> create an https connection to the target site, and return it via http.
>
> I'm not certain there's a csrf attack here, but I suspect there is.
>
Just a warning: if you think you're getting close to identifying a security 
hole, please don't post it in a public newsgroup, but email it directly to 
the private Django security list: secur...@djangoproject.com
--
DR.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Reply via email to