chintan39 / wildblog

Automatically exported from code.google.com/p/wildblog

How to protect against csrf (5h)? #306

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
http://en.wikipedia.org/wiki/Cross-site_request_forgery

Original issue reported on code.google.com by horak.honza@gmail.com on 23 Apr 2012 at 7:07

GoogleCodeExporter commented 9 years ago
For every "edit/delete/insert" action use an authorizing token.

Original comment by horak.honza@gmail.com on 23 Apr 2012 at 7:12

GoogleCodeExporter commented 9 years ago
Actions protected by CSRF protection have to call Request::checkCsrf(), and 
actions where the user can click on a protected link have to call 
Request::reGenerateToken().

Original comment by horak.honza@gmail.com on 28 Apr 2012 at 12:40
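
The token flow described in the comments above, as an added example that is not part of the original thread and is not wildblog's code. Only the method names `reGenerateToken()` and `checkCsrf()` come from the thread; the class name `CsrfSketch`, the session key, the `token` parameter name and the single-use policy are assumptions.

```php
<?php
// Added sketch, not wildblog's Request class. Only the method names
// reGenerateToken() and checkCsrf() come from the thread; the session key,
// the "token" parameter and the single-use policy are assumptions.
final class CsrfSketch
{
    private const KEY = 'csrf_token';
    private $session;

    public function __construct(array &$session)
    {
        $this->session = &$session;   // e.g. $_SESSION in a real request
    }

    // Called by actions that render a protected link or form.
    public function reGenerateToken(): string
    {
        $token = bin2hex(random_bytes(32));   // 256 bits from the CSPRNG
        $this->session[self::KEY] = $token;
        return $token;
    }

    // Called first by every edit/delete/insert action.
    public function checkCsrf(array $params): bool
    {
        $expected = $this->session[self::KEY] ?? null;
        $given = $params['token'] ?? null;
        unset($this->session[self::KEY]);     // a token authorizes one request
        return is_string($expected) && is_string($given)
            && hash_equals($expected, $given); // constant-time comparison
    }
}

// Constructed demo data: an empty array stands in for the session.
$session = [];
$request = new CsrfSketch($session);
$token = $request->reGenerateToken();
echo "/post/delete/42?token=$token\n";              // constructed protected link

var_dump($request->checkCsrf(['token' => $token])); // request carrying the issued token
var_dump($request->checkCsrf(['token' => $token])); // the same token sent again
$request->reGenerateToken();
var_dump($request->checkCsrf([]));                  // cross-site request without a token
```

A token placed in a link's query string can end up in server logs and Referer headers, so state-changing actions are better sent as POST requests with the token in a hidden form field.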