stepmania / stepmania-site

StepMania's Website, forums, etc.
https://www.stepmania.com/

Post deleting should have a confirm dialog, and leave behind a stub stating the original author and the reason for deletion #38

Open roothorick opened 10 years ago

SoonDead commented 10 years ago

The biggest problem with this is that the current post deletion is done by a simple GET request.

This opens up the possibility of someone redirecting you to delete your own post.

This can be done by a link, but a malicious site can even redirect you to delete your post without even notifying you beforehand.

Every operation that not only fetches data but makes changes to any object should be a POST request, as it is much harder to trick someone into making a post request he/she doesn't want.

This would require substantial changes to a few "atomic" operations that are done by a single request (delete, subscription, etc.), like:

This form could also be opened on a popup and submitted by ajax. Or the whole thing could be done by javascript in the background.

shakesoda commented 10 years ago

yeah, things like that should have security tokens to stop CSRFs

On Tue, Feb 11, 2014 at 1:03 PM, Márton Vincze notifications@github.com wrote:

The biggest problem with this is that the current post deletion is done by a simple GET request.

This opens up the possibility of someone redirecting you to delete your own post.

This can be done by a link, but a malicious site can even redirect you to delete your post without even notifying you beforehand.

— Reply to this email directly or view it on GitHub: https://github.com/stepmania/stepmania-site/issues/38#issuecomment-34806530

SoonDead commented 10 years ago

Yes, a security token bound to the user session would help a ton; it is even more important than using POST, and wouldn't require that many code changes.

Although exposing this token as a GET parameter is fine in theory, it can be troublesome, as it can be leaked as a referer and will be saved in the browser history, which is sometimes dumpable by browser-specific exploits. Also, since it is not proper REST, prefetching might still simply delete entire threads, like in the Google Web Accelerator scandal.