Check Your Modes
Posted by Eric Stein - May 21, 2008 CE @ 05:27:07 UTC
This Sunday, I released a short little project I made called PyFBUploader. It went from idea to release in a few hours, and as is wont to happen when little thought goes into a plan, a problem arose. I realized last night that the session storage code for keeping a Facebook platform session open for extended periods of time was insecure; a malicious user with read access to the user's home directory could read the stored session and potentially insert arbitrary photos into the legitimate user's photo approval queue.
This isn't a serious problem, but it highlights something not everyone thinks of when building an application - file security. It is important to make sure files are created in such a way that information that is not supposed to be available to anyone else remains secure.
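One way to create and audit such a file on a POSIX system, as an added example that is not PyFBUploader's own code; the file names and the session value are constructed for illustration:

```python
import os
import stat
import tempfile


def write_private(path, data):
    """Write bytes to path so that only the owning user can read them."""
    # O_NOFOLLOW (where the platform has it) refuses to write through a symlink.
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    # Passing 0o600 at creation means the file is never world-readable,
    # not even briefly, regardless of the process umask.
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as f:
        # The mode argument is ignored if the file already existed,
        # so tighten an old, loosely created file before writing to it.
        os.fchmod(f.fileno(), 0o600)
        f.write(data)


def mode_problems(path):
    """Return the reasons the file at path is not private to its owner."""
    st = os.lstat(path)
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_uid != os.getuid():
        problems.append("not owned by the current user")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("group/other bits set: %o" % stat.S_IMODE(st.st_mode))
    return problems


def demo():
    """Compare a file created the usual way with one created privately."""
    d = tempfile.mkdtemp()
    naive = os.path.join(d, "session_naive")      # hypothetical file name
    private = os.path.join(d, "session_private")  # hypothetical file name
    with open(naive, "w") as f:
        f.write("constructed-session-value")
    os.chmod(naive, 0o644)  # what open() yields under the common umask of 022
    write_private(private, b"constructed-session-value")
    return naive, private


if __name__ == "__main__":
    for p in demo():
        print(p, mode_problems(p) or "ok")
```

Running `mode_problems` on a stored session before loading it lets the application refuse or repair a file that was created by an earlier, less careful version.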
Last Edited May 21, 2008 CE @ 05:29:19 UTC