warrenbuckley / CWS-Umbraco-Standard-Membership

This is used to give an example standard membership to Umbraco V6 +

CSRF protection #1

Closed AndyButland closed 11 years ago

AndyButland commented 11 years ago

Hi Warren

First - thanks for releasing this.

Had one suggestion from a security best practice POV. Could you look to add the AntiForgery tokens to the example forms and controller actions?

Two parts to this:

Cheers

Andy
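A sketch of what the suggestion above looks like in an Umbraco MVC surface controller, added here as an illustration and not taken from this repository or from either commenter: the token is emitted inside the form and checked on the POST action. The names `MemberLoginController`, `LoginModel` and `HandleLogin` are hypothetical, and the view markup is shown as a comment so that both halves sit in one block.

```csharp
// Added example; controller, model and action names are hypothetical.
using System.ComponentModel.DataAnnotations;
using System.Web.Mvc;
using System.Web.Security;
using Umbraco.Web.Mvc;

public class LoginModel
{
    [Required] public string Username { get; set; }
    [Required] public string Password { get; set; }
}

public class MemberLoginController : SurfaceController
{
    // View side (Razor partial). The token helper must sit inside the form
    // so the hidden field is posted together with the credentials:
    //
    //   @using (Html.BeginUmbracoForm<MemberLoginController>("HandleLogin"))
    //   {
    //       @Html.AntiForgeryToken()
    //       @Html.TextBoxFor(m => m.Username)
    //       @Html.PasswordFor(m => m.Password)
    //       <button type="submit">Log in</button>
    //   }

    [HttpPost]
    // Throws HttpAntiForgeryException unless the posted hidden field
    // matches the anti-forgery cookie issued with the form.
    [ValidateAntiForgeryToken]
    public ActionResult HandleLogin(LoginModel model)
    {
        if (!ModelState.IsValid)
            return CurrentUmbracoPage();

        if (!Membership.ValidateUser(model.Username, model.Password))
        {
            // Same message for unknown user and wrong password.
            ModelState.AddModelError("", "Invalid username or password.");
            return CurrentUmbracoPage();
        }

        FormsAuthentication.SetAuthCookie(model.Username, false);
        return RedirectToCurrentUmbracoPage();
    }
}
```

The attribute only has an effect when the view emits the token, and the token only helps when the action checks it, so every state-changing form (login, register, profile edit, password reset) needs both.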

warrenbuckley commented 11 years ago

Hi Andy, thanks, I will do that at lunchtime. Do you have any other suggestions to make to improve this?

Many Thanks, Warren :)

AndyButland commented 11 years ago

That was all so far... thanks. I'll take a look further but that was just the first thing I noticed. Given it'll no doubt become a reference for lots of devs, thought it would be a good idea to have this in place.

warrenbuckley commented 11 years ago

Yeah, definitely! Thank you very much for the feedback :)

warrenbuckley commented 11 years ago

Fixed #1 in latest commit https://github.com/warrenbuckley/CWS-Umbraco-Standard-Membership/commit/defecf641cd56e865bc7795e563333f3fadef94f