18F / confidential-survey

A Rails app for conducting confidential surveys without violating user privacy

Verify that use of secret `id` parameter isn't causing more problems than it should solve #25

Closed harrisj closed 8 years ago

harrisj commented 8 years ago

I added the `survey_id` to the form as a basic checksum beyond CSRF. Should I even bother? It's making OWASP unhappy.