Mark Wooding [Thu, 23 Jan 2014 19:08:02 +0000 (19:08 +0000)]
httpauth.py: Improve the CSRF token stuff.
I used to use a simple XOR split, but while I was describing this
mitigation to someone else it struck me that it doesn't actually work:
the bad guy can accept a slowdown factor of 256 and guess corresponding
bytes of both halves to work through the whole token.
Replace the XOR split with a full-on all-or-nothing transform based on
OAEP.
Mark Wooding [Thu, 23 Jan 2014 19:06:06 +0000 (19:06 +0000)]
httpauth.py: Don't crash if Base-64 decoding of the CSRF token fails.
Mark Wooding [Thu, 23 Jan 2014 19:05:23 +0000 (19:05 +0000)]
list.fhtml: Make `logout' be a POST operation.
It's really not idempotent. And also it will spam the CSRF token into
the URL, which isn't what we want.
Mark Wooding [Thu, 23 Jan 2014 19:04:36 +0000 (19:04 +0000)]
cookies.fhtml: Fix stupid typo.
Mark Wooding [Thu, 23 Jan 2014 19:06:23 +0000 (19:06 +0000)]
httpauth.py: Fix stupid formatting error.
Mark Wooding [Sat, 28 Dec 2013 19:30:26 +0000 (19:30 +0000)]
cookies.fhtml: Stupid markup error.
Mark Wooding [Sat, 28 Dec 2013 19:29:54 +0000 (19:29 +0000)]
cookies.fhtml: Fix the epoch date.
Umm. I have no excuse.
Mark Wooding [Sat, 10 Aug 2013 12:31:30 +0000 (13:31 +0100)]
httpauth.py, cookies.fhtml: Randomize CSRF token to prevent BREACH.
The use of `gzip' compression by servers, combined with the possibility
of inserting request parameters in responses, can leak information from
responses, notably the CSRF token. We can defend this by splitting it
into two XOR pieces and combining them together again in the server.
Mark Wooding [Sat, 10 Aug 2013 12:29:41 +0000 (13:29 +0100)]
httpauth.py: Use `base64' module's built-in character twiddles.
I hadn't noticed before: `b64encode' has an optional argument which you
can use to change the `+' and `/' characters. Use them instead of a
post-pass with `str.replace'.
Mark Wooding [Sat, 10 Aug 2013 12:28:17 +0000 (13:28 +0100)]
httpauth.py: Allow configuration of the hash function.
Mark Wooding [Sat, 13 Apr 2013 23:14:28 +0000 (00:14 +0100)]
wrapper.fhtml: Tell mobile browsers that we'll work on their screen.
Mark Wooding [Sat, 13 Apr 2013 23:13:00 +0000 (00:13 +0100)]
chpwd.js: Provide the CAPTUREP argument to `addEventListener'.
Otherwise MicroB, at least, raises an exception and none of the
remaining JavaScript will run.
Mark Wooding [Sat, 30 Mar 2013 14:55:12 +0000 (14:55 +0000)]
httpauth.py, cmd-cgi.py, list.fhtml: Implement explicit logout action.
Mark Wooding [Sat, 30 Mar 2013 14:46:31 +0000 (14:46 +0000)]
httpauth.py: Abstract out setting the various cookie attributes.
We'll want to use them elsewhere.
Mark Wooding [Sat, 30 Mar 2013 14:24:27 +0000 (14:24 +0000)]
cmd-cgi.py: Don't allow caching of the `list' page.
May further reduce the possibility of proxies crossing wires over.
Mark Wooding [Sat, 30 Mar 2013 14:00:27 +0000 (14:00 +0000)]
userv.rc: Example Userv configuration dropping.
Mark Wooding [Thu, 28 Mar 2013 00:02:38 +0000 (00:02 +0000)]
Makefile: Add some missing source files to the list.
This isn't working out. There must be a better way.
Mark Wooding [Thu, 28 Mar 2013 00:05:33 +0000 (00:05 +0000)]
agpl.py (dump_dir): Replace unpleasant control-flow variable with an escape.
If only Python had a proper `goto'.
Mark Wooding [Thu, 28 Mar 2013 00:05:01 +0000 (00:05 +0000)]
agpl.py (filez): Slightly better detection of toplevels.
Mark Wooding [Thu, 28 Mar 2013 00:02:38 +0000 (00:02 +0000)]
agpl.py (filez): Check the exit code from the command.
Mark Wooding [Thu, 28 Mar 2013 00:02:38 +0000 (00:02 +0000)]
agpl.py: Document and prettify.
No actual code changes.
Mark Wooding [Wed, 27 Mar 2013 21:27:02 +0000 (21:27 +0000)]
wrapper.fhtml: Put `html' in lowercase in the DOCTYPE declaration.
Mark Wooding [Wed, 27 Mar 2013 21:26:39 +0000 (21:26 +0000)]
agpl.py: Fix up symbolic links between directories being dumped.
This should make deployment from generated tarballs easier.
Mark Wooding [Wed, 27 Mar 2013 21:25:50 +0000 (21:25 +0000)]
agpl.py: Exclude the root directory from listers.
Otherwise we'll get a strange number of them. Instead, include it
manually.
Mark Wooding [Wed, 27 Mar 2013 21:24:16 +0000 (21:24 +0000)]
agpl.py: Include a `MANIFEST' file explaining where things came from.
Mark Wooding [Sat, 16 Mar 2013 17:43:05 +0000 (17:43 +0000)]
cgi.py: Implement a wrapping operation.
That is, a format control obtained as an argument can be invoked,
passing it a number of other formatting controls, which it can then
invoke in turn as it wishes.
No use for this yet, but it seems like a cool thing to have lying about.
Mark Wooding [Sat, 16 Mar 2013 17:29:39 +0000 (17:29 +0000)]
cgi.py: Export the template cache to the templates.
Now they can invoke each other with `~=TMPL[NAME]@?'.
Mark Wooding [Sat, 16 Mar 2013 17:28:37 +0000 (17:28 +0000)]
format.py: Allow general format controls more widely.
In particular, allow them as inputs to `compile', and to the `~{~}' and
`~?' directives.
Mark Wooding [Sat, 16 Mar 2013 00:35:34 +0000 (00:35 +0000)]
cgi.py, operation.py, list.fhtml: Request-level policy switch.
* Introduce a new configuration variable `ALLOWOP' with a policy flag
for each request type;
* have `BaseRequest.check' ensure that the corresponding policy flag
is set;
* export this policy switch to the template language; and
* only show widgets for the permitted operations in the web interface.
The commands still appear in the userv/SSH interface, which is a bit
gnarly.
Mark Wooding [Sat, 16 Mar 2013 00:31:03 +0000 (00:31 +0000)]
operation.py: Refactor `polswitch' a little.
We're going to use this structure again.
Mark Wooding [Sat, 16 Mar 2013 00:29:40 +0000 (00:29 +0000)]
chpwd: Put `user' into template arguments when run from command-line.
Mark Wooding [Thu, 14 Mar 2013 01:12:09 +0000 (01:12 +0000)]
cgi.py: Fix documentation for `~:H' format operation.
Once upon a time it was going to do form-urlencoding, but it turns out
that quotification is much more useful.
Mark Wooding [Wed, 13 Mar 2013 14:41:51 +0000 (14:41 +0000)]
cgi.py: Escape quote signs in `htmlescape' and `html_quotify'.
This helps protect against XSS attacks.
Mark Wooding [Wed, 13 Mar 2013 14:40:50 +0000 (14:40 +0000)]
format.py: Document the formatting directive syntax.
This was always meant to be here, but got missed out in the rush.
Mark Wooding [Wed, 13 Mar 2013 02:46:40 +0000 (02:46 +0000)]
crypto.py: Another missing import.
Mark Wooding [Tue, 12 Mar 2013 23:11:46 +0000 (23:11 +0000)]
service.py: Yet more unqualified names needing qualification.
Maybe this is the last batch.
Mark Wooding [Tue, 12 Mar 2013 22:17:16 +0000 (22:17 +0000)]
Fix some stupid unknown-variable errors.
Leftover from the split into separate modules.
Mark Wooding [Tue, 12 Mar 2013 04:23:29 +0000 (04:23 +0000)]
.gitignore: Ignore the `.pyo' files left by `python -O'.
Mark Wooding [Tue, 12 Mar 2013 04:17:59 +0000 (04:17 +0000)]
chpwd: Set default config file from environment variable `CHPWD_CONFIG'.
This is more convenient to set from webserver CGI configurations and SSH
`authorized_keys' files.
Mark Wooding [Mon, 11 Mar 2013 22:43:45 +0000 (22:43 +0000)]
cmd-cgi.py: Typo in help message for the CGI `source' command.
Mark Wooding [Sat, 9 Mar 2013 05:50:44 +0000 (05:50 +0000)]
cmd-admin.py: Add `source' command to remote command context.
Now remote-control clients can fetch our source code too. Question:
should the master instance fetch source code for all of its satellites?
Mark Wooding [Sat, 9 Mar 2013 05:31:13 +0000 (05:31 +0000)]
Put the user's name in post-authentication requests.
In GET requests, it goes in the path; for POST requests, it can go in
`%user'. This is to prevent caches from returning the wrong pages. I
feel a bit stupid about not fixing this earlier.
Mark Wooding [Sat, 9 Mar 2013 05:29:10 +0000 (05:29 +0000)]
Keep track of whether a CGI request is carried over SSL.
If it is, then tie the cookie so that it's only returned to us over
SSL-encrypted links.
Mark Wooding [Sat, 9 Mar 2013 05:27:29 +0000 (05:27 +0000)]
cgi.py (cookie): Exclude attribute keys whose value is false.
Mark Wooding [Sat, 9 Mar 2013 05:34:26 +0000 (05:34 +0000)]
cgi.py: Fix stupid typo so that HTTP status codes are returned properly.
Mark Wooding [Fri, 8 Mar 2013 07:23:16 +0000 (07:23 +0000)]
*.fhtml: Use double quotes for HTML attributes.
Makes them highlight better in Emacs.
Mark Wooding [Fri, 8 Mar 2013 07:20:04 +0000 (07:20 +0000)]
*.fhtml: Use proper apostrophes instead of the awful ASCII one.
Mark Wooding [Fri, 8 Mar 2013 07:13:36 +0000 (07:13 +0000)]
cookies.fhtml: Use correct link for the source code archive.
Mark Wooding [Fri, 8 Mar 2013 07:12:25 +0000 (07:12 +0000)]
cgi.py: Remove defunct `html' function.
Mark Wooding [Fri, 8 Mar 2013 07:11:26 +0000 (07:11 +0000)]
cgi.py: Remove the old error reporting machinery.
It's all in templates now.
Mark Wooding [Fri, 8 Mar 2013 02:53:11 +0000 (02:53 +0000)]
Makefile: Update the `auto.py' symlink correctly.
Mark Wooding [Thu, 7 Mar 2013 18:47:57 +0000 (18:47 +0000)]
Initial commit.