Hello

On 13.12.21 at 12:09, Sebastian Hagedorn wrote:
> Hi,
>
> thanks for the recent security fixes regarding potential CSRF attacks! I
> checked our mischief logs for relevant messages today and the only one I
> found was this:
>
> Nov 24 19:33:24 2021 (117276) Form for user [email protected]
> submitted with CSRF token issued for [email protected].
>
> The only difference is in the case of the email address. I’m no expert
> on CSRF attacks, but to me it seems as though the comparison should
> perhaps disregard differences in case only?
>

As the local part of an email address can be case sensitive, this should
only be case insensitive for the domain part.

Kind regards,
Christian Mack

--
Christian Mack
Mailinglisten-Administration
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung IT-Dienste Forschung & Lehre
78457 Konstanz, Deutschland
++49 7531 88 4416
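
The comparison rule suggested in the reply above, shown as an added example that is not part of the thread and not Mailman's own code: a user-bound CSRF token is checked against the form's user with the domain compared case-insensitively and the local part compared exactly. The token format, the key and the function names are hypothetical, and the addresses are constructed.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # constructed key, for this example only


def canonical_address(addr: str) -> str:
    """Lower-case the domain only; keep the local part byte-for-byte."""
    local, sep, domain = addr.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not a mailbox address: {addr!r}")
    return f"{local}@{domain.lower()}"


def _mac(user: str) -> str:
    """Hex HMAC-SHA256 over the user string the token is bound to."""
    return hmac.new(SECRET, user.encode("utf-8"), hashlib.sha256).hexdigest()


def issue_token(user: str) -> str:
    """Hypothetical token format '<address>:<hex HMAC>', bound to one user."""
    canon = canonical_address(user)
    return f"{canon}:{_mac(canon)}"


def check_token(token: str, form_user: str) -> bool:
    """Accept only an authentic token whose user matches the form's user."""
    token_user, _, mac = token.rpartition(":")
    # Authenticity first, compared in constant time.
    if not hmac.compare_digest(mac.encode("utf-8"),
                               _mac(token_user).encode("utf-8")):
        return False
    try:
        # Domain case is ignored, local-part case is not.
        return hmac.compare_digest(
            canonical_address(token_user).encode("utf-8"),
            canonical_address(form_user).encode("utf-8"),
        )
    except ValueError:
        return False  # malformed address: treat as a mismatch
```

With this rule, a log entry like the one quoted above would still be recorded when the two addresses differ in the local part, and would not be when they differ only in the domain.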
