[pLog-svn] Anti CSRF solution
plog at hugi.to
Fri Nov 23 05:58:15 EST 2007
Mark Wu wrote:
> I know we discussed this issue before, but it seems there is no solution
> for this.
> This code comes from Google Code, maybe we can borrow the idea from
> this tool
oh well, I added exactly that link to bugs.lt.net a couple of minutes
I think we can use it to build our methods in the validation classes,
and validate the token on a per action basis. It's more efficient than
simulating some sort of pseudo security layer on top of LT's business logic.
IMO that layer should be handled by mod_security, .htaccess files and
BTW: Do we need an additional table to implement this? I thought it's ok
to use the users session....
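
The per-action, session-backed token check discussed in this message, sketched as an added example (not code from the original post or from LifeType). The class name `CsrfTokenValidator`, the session key and the action names are hypothetical, and PHP 7.1 or later is assumed.

```php
<?php
// Added example, not LifeType code: class, session key and action names are hypothetical.
final class CsrfTokenValidator
{
    private const SESSION_KEY = 'csrf_tokens';

    // Issue a random token bound to one action and keep it in the user's
    // session, so no additional database table is needed.
    public static function issue(string $action): string
    {
        $token = bin2hex(random_bytes(32));
        $_SESSION[self::SESSION_KEY][$action] = $token;
        return $token;
    }

    // Check the submitted token against the one stored for this action.
    // The stored token is discarded on every attempt, so it is single use.
    public static function validate(string $action, $submitted): bool
    {
        $expected = $_SESSION[self::SESSION_KEY][$action] ?? null;
        unset($_SESSION[self::SESSION_KEY][$action]);

        // Reject a missing token, or a non-string such as an array from token[]=x.
        if (!is_string($expected) || !is_string($submitted)) {
            return false;
        }
        // Constant-time comparison avoids leaking the token through timing.
        return hash_equals($expected, $submitted);
    }
}

// Constructed demo: a plain array stands in for session_start() so this runs from the CLI.
$_SESSION = [];

$token = CsrfTokenValidator::issue('deletePost');
var_dump(CsrfTokenValidator::validate('deletePost', $token));   // token as issued
var_dump(CsrfTokenValidator::validate('deletePost', $token));   // same token replayed

CsrfTokenValidator::issue('deletePost');
var_dump(CsrfTokenValidator::validate('deletePost', 'forged')); // value not from the session

$other = CsrfTokenValidator::issue('updateSettings');
var_dump(CsrfTokenValidator::validate('deletePost', $other));   // token issued for another action
```

In a real request the token returned by `issue()` would be placed in a hidden form field, and the action's validation step would call `validate()` on the posted value before running any state-changing logic.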