a4fa2ec9af
Certain attacks rely on predictable paths for their payloads. If we weren’t so overly lax in our (id, URL) check, the current counterfeit activity exploit would be one of those. It seems plausible for future attacks to hinge on, or be made easier by, predictable paths too. In general, letting remote actors place arbitrary data at a path within our domain of their choosing (sans prefix) just doesn’t seem like a good idea. Using fully random filenames would have worked as well, but this is less friendly for admins checking emoji dirs. The generated suffix should still be more than enough; an attacker needs on average 140 trillion attempts to correctly guess the final path.