Check Your Modes
May 21, 2008 @ 01:27:07
This Sunday, I released a short little project I made called PyFBUploader. It went from idea to release in a few hours, and as is wont to happen when little thought goes into a plan, a problem arose. I realized last night that the session storage code for keeping a Facebook platform session open for extended periods of time was insecure; a malicious user with read access to the user's home directory could read the stored session and potentially insert arbitrary photos into the legitimate user's photo approval queue.
This isn't a serious problem, but it highlights something not everyone thinks of when building an application - file security. It is important to make sure files are created in such a way that information that is not supposed to be available to anyone else remains secure.
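To make the point concrete, here is an added example (not PyFBUploader's actual code) contrasting a session file written with a plain `open()` against one created owner-only, plus a loader that refuses a file other users can access. The function names, file names and session fields are hypothetical, and the session value is constructed.

```python
import json
import os
import stat
import tempfile

def save_session_naive(path, session):
    # Plain open() creates the file as 0666 minus the umask: usually 0644,
    # readable by every local account.
    with open(path, "w") as fh:
        json.dump(session, fh)

def save_session_private(path, session):
    # mkstemp() creates the file 0600 from the start, so there is no window
    # where it is world-readable; os.replace() then swaps it in atomically.
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".session-")
    try:
        with os.fdopen(fd, "w") as fh:
            json.dump(session, fh)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise

def load_session(path):
    # Refuse a session file that is not ours or that group/other can access.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd) as fh:
        st = os.fstat(fh.fileno())
        if st.st_uid != os.getuid() or stat.S_IMODE(st.st_mode) & 0o077:
            raise PermissionError("%s: unsafe owner or mode" % path)
        return json.load(fh)

def demo():
    session = {"session_key": "CONSTRUCTED-SAMPLE", "uid": "0"}  # constructed
    old_umask = os.umask(0o022)  # pin a common default umask for the demo
    try:
        with tempfile.TemporaryDirectory() as d:
            naive, private = os.path.join(d, "naive"), os.path.join(d, "private")
            save_session_naive(naive, session)
            save_session_private(private, session)
            modes = [stat.S_IMODE(os.stat(p).st_mode) for p in (naive, private)]
            try:
                load_session(naive)
                rejected = False
            except PermissionError:
                rejected = True
            return modes, rejected, load_session(private) == session
    finally:
        os.umask(old_umask)
```

Calling `demo()` on a POSIX system returns the two file modes, whether the loader rejected the world-readable file, and whether the private file round-tripped.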
Last Edited May 21, 2008 @ 01:29:19