[pLog-svn] Anti CSRF solution

Mark Wu markplace at gmail.com
Tue Nov 27 05:54:54 EST 2007


Go! Go! Reto! 

> -----Original Message-----
> From: plog-svn-bounces at devel.lifetype.net 
> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of Reto Hugi
> Sent: Tuesday, November 27, 2007 6:51 PM
> To: 'LifeType Developer List'
> Subject: Re: [pLog-svn] Anti CSRF solution
> 
> hi mark
> 
> Mark Wu wrote:
> 
> > I think modifying adminaction is easy, but you have to add a hidden
> > input to all forms we want to protect, then that's not a fun job .. :P
> 
> yes I know. We've got quite a lot of forms to work through...
> 
> 
> > Take the deleteComment for example, in lifetype we use
> > "deleteComments" to delete multiple comments at the same time, it is
> > an http post request, and we also use "deleteComment" to delete one
> > comment each time, and it is an http "get" request.
> 
> ah, good point. That is the case on many requests. Maybe we
> should really think about what we can do in the requestgenerators...
> 
> Oh well, I'll think about it and surely be glad for help and 
> feedback here and there. we'll see if I find an "easy" way to 
> implement all that.
> 
> reto
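
The two cases raised in the thread above (a hidden input for POST forms such as deleteComments, and GET links such as deleteComment, where the token has to be added wherever the URL is built), as an added PHP example that is not part of the original message and is not LifeType code. All function names, the `csrf_token` field name, and the sample URL and parameters are assumptions.

```php
<?php
// Added illustration: hypothetical helper names, not LifeType's API.

// Return the per-session token, creating it on first use.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// For POST forms such as deleteComments: the hidden input each form needs.
function csrf_hidden_field(array &$session): string
{
    $t = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $t . '" />';
}

// For GET links such as deleteComment: a stand-in for a request generator
// that appends the token to every admin URL it builds.
function csrf_admin_url(array &$session, string $base, array $params): string
{
    $params['csrf_token'] = csrf_token($session);
    return $base . '?' . http_build_query($params);
}

// One check in the shared admin-action path covers both request methods.
function csrf_check(array $session, array $request): bool
{
    $expected = $session['csrf_token'] ?? '';
    $given = $request['csrf_token'] ?? '';
    // hash_equals() compares in constant time; reject missing or non-string input.
    return is_string($given) && $expected !== ''
        && hash_equals($expected, $given);
}

// Constructed sample run; arrays stand in for $_SESSION and $_REQUEST,
// and the URL and parameter names are made up for the illustration.
$session = [];
echo csrf_hidden_field($session), "\n";
echo csrf_admin_url($session, 'admin.php', ['op' => 'deleteComment', 'commentId' => 42]), "\n";
// Request that arrives without a token (what a forged cross-site request looks like):
var_dump(csrf_check($session, ['op' => 'deleteComment', 'commentId' => '42']));
// Request built by the helpers above, carrying the session's token:
var_dump(csrf_check($session, ['op' => 'deleteComment', 'csrf_token' => $session['csrf_token']]));
```

Tokens carried in GET URLs end up in browser history, server logs and Referer headers, so moving state-changing actions to POST is the sturdier fix.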


