[pLog-svn] Anti CSRF solution
markplace at gmail.com
Tue Nov 27 05:54:54 EST 2007
Go! Go! Reto!
> -----Original Message-----
> From: plog-svn-bounces at devel.lifetype.net
> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of Reto Hugi
> Sent: Tuesday, November 27, 2007 6:51 PM
> To: 'LifeType Developer List'
> Subject: Re: [pLog-svn] Anti CSRF solution
> hi mark
> Mark Wu wrote:
> > I think modification adminaction is easy, but you have to
> add hidden
> > input to all forms we want to protect, then that's not a
> fun job .. :P
> yes I know. We've got quite a lot of forms to work through...
> > Take the deleteComment for example, in lifetype we use
> > "deleteComments" to delete multiplut comments at the same
> time, it is
> > a http post request, and we also use "deleteComment" to delete one
> > comment in each time, and it is http "get" request.
> ah, good point. That is the case on many requests. Maybe we
> should really think about what we can to in the requestgenerators...
> Oh well, I'll think about it and surely be glad for help and
> feedback here and there. we'll see if I find an "easy" way to
> implement all that.
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
More information about the pLog-svn