by elamje
1847 days ago
This reminds me - a couple of years back, I was making https://lifeboxhq.com which involved users uploading quite a bit of content. I was happily testing security with some URL resource enumeration and for some reason, I could non-deterministically access user uploads via URL, even on accounts I didn't own. I spent several days looking at my Flask code, JavaScript, etc. to debug... I knew it wasn't my code, but I was getting more and more frustrated, then I remembered I set up Cloudflare... Remember to exclude certain routes from Cloudflare if you want to avoid arbitrary user content from being cached without authentication.
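An origin-side complement to excluding routes at the CDN, as an added example that is not part of the comment above or the commenter's code: a standard-library WSGI middleware that replaces any caching headers on user-content paths with `Cache-Control: private, no-store`. The path prefixes and the demo app are hypothetical, and the example assumes the CDN honors origin `Cache-Control`, which is Cloudflare's default unless a cache rule overrides it.

```python
from wsgiref.util import setup_testing_defaults

# Hypothetical route layout; adjust to wherever per-user content is served.
PRIVATE_PREFIXES = ("/uploads/", "/account/")
NO_STORE = "private, no-store"
CACHE_HEADERS = ("cache-control", "expires", "pragma")


class NoSharedCache:
    """WSGI middleware: responses under private prefixes must never be cached."""

    def __init__(self, app, prefixes=PRIVATE_PREFIXES):
        self.app = app
        self.prefixes = tuple(prefixes)

    def __call__(self, environ, start_response):
        if not environ.get("PATH_INFO", "").startswith(self.prefixes):
            return self.app(environ, start_response)

        def guarded_start(status, headers, exc_info=None):
            # Drop whatever caching policy the app set, then pin our own.
            kept = [(k, v) for k, v in headers if k.lower() not in CACHE_HEADERS]
            kept.append(("Cache-Control", NO_STORE))
            return start_response(status, kept, exc_info)

        return self.app(environ, guarded_start)


def demo_app(environ, start_response):
    # Constructed stand-in for an origin that marks everything publicly cacheable.
    start_response("200 OK", [("Content-Type", "image/png"),
                              ("Cache-Control", "public, max-age=86400")])
    return [b"data"]


def headers_for(app, path):
    """Send one GET for `path` through `app`; return response headers as a dict."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured.update({k.lower(): v for k, v in headers})

    b"".join(app(environ, start_response))
    return captured


guarded = NoSharedCache(demo_app)
```

In a Flask app the middleware is attached with `app.wsgi_app = NoSharedCache(app.wsgi_app)`; calling `headers_for` against each private route in a test suite catches a route that starts emitting a cacheable policy again.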