www/py-flask-paranoid/pkg-descr
- This file was added.
Flask-Paranoid is a simple extension for the Flask microframework that protects | |||||
the application against certain attacks in which the user session cookie is | |||||
stolen and then used by the attacker. | |||||
When a client connects to the application for the first time, a token that | |||||
represents certain characteristics of this client is generated and stored. In | |||||
succesive requests sent by this client, this token is regenerated and compared | |||||
against the stored one. If the tokens are different, it is assumed that the | |||||
client is sending requests from a different environment than the one in which | |||||
the session was originally created, so in this case the session is destroyed | |||||
and the request rejected as a preventive measure. | |||||
By default, the token is generated from the IP address and the user agent of | |||||
the client. |
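Review bot: "succesive" in the second paragraph ("In succesive requests sent by this client") is misspelled; please change it to "successive" so the typo does not ship in the installed package description. The rest of the text reads fine as a description of what the extension does and of the default token inputs (IP address and user agent).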