[Mailman-Users] Somebody could not subscribe to pypy-dev at python.org

Stephen J. Turnbull stephen at xemacs.org
Thu Apr 23 06:13:27 CEST 2015

Laura Creighton writes:

 > become all the more common in the future.  Is insisting that the IP
 > addresses match serving a useful purpose?

Yes.  Differing request origins is the characteristic signature of a
CSRF attack.[1]  I suppose the site could resolve the IP to a domain,
but that would slow things down significantly.

 > Should we have a more informative error message?

[1]  https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29

More information about the Mailman-Users mailing list