Changeset View
Changeset View
Standalone View
Standalone View
www/py-flask-paranoid/pkg-descr
- This file was added.
| Flask-Paranoid is a simple extension for the Flask microframework that protects | |||||
| the application against certain attacks in which the user session cookie is | |||||
| stolen and then used by the attacker. | |||||
| When a client connects to the application for the first time, a token that | |||||
| represents certain characteristics of this client is generated and stored. In | |||||
| succesive requests sent by this client, this token is regenerated and compared | |||||
| against the stored one. If the tokens are different, it is assumed that the | |||||
| client is sending requests from a different environment than the one in which | |||||
| the session was originally created, so in this case the session is destroyed | |||||
| and the request rejected as a preventive measure. | |||||
| By default, the token is generated from the IP address and the user agent of | |||||
| the client. | |||||