Hi Mark<br><br><br><div class="gmail_quote"><span></span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div>
<div dir="ltr" align="left"><span><font color="#0000ff" face="新細明體" size="2">Did you really see the URL I attached in this
thread???</font></span></div></div></blockquote><div>Yes, I saw the group, and I also saw a part of the code; I took a general look (sorry) :P<br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div><div dir="ltr" align="left"><span><font color="#0000ff" face="新細明體" size="2"></font></span></div>
<div dir="ltr" align="left"><span><font color="#0000ff" face="新細明體" size="2"></font></span> </div>
<div dir="ltr" align="left"><span><font color="#0000ff" face="新細明體" size="2">It is the way you describe, but more
general.</font></span></div>
<div dir="ltr" align="left"><span><font color="#0000ff" face="新細明體" size="2"></font></span> </div>
<div dir="ltr" align="left"><span><font color="#0000ff" face="新細明體" size="2">So, I really have no idea why you said the way is
wrong.</font></span></div></div></blockquote><div>I didn't say it's wrong.<br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div><div dir="ltr" align="left"><span><font color="#0000ff" face="新細明體" size="2"></font></span></div>
<div dir="ltr" align="left"><span><font color="#0000ff" face="新細明體" size="2"></font></span> </div>
<div dir="ltr" align="left"><span><font color="#0000ff" face="新細明體" size="2">Mark</font></span></div><br>
<blockquote style="border-left: 2px solid rgb(0, 0, 255); padding-left: 5px; margin-left: 5px; margin-right: 0px;">
<div dir="ltr" align="left" lang="zh-tw">
<hr>
<font face="Tahoma" size="2"><div class="Ih2E3d"><b>From:</b> <a href="mailto:plog-svn-bounces@devel.lifetype.net" target="_blank">plog-svn-bounces@devel.lifetype.net</a>
[mailto:<a href="mailto:plog-svn-bounces@devel.lifetype.net" target="_blank">plog-svn-bounces@devel.lifetype.net</a>] <b>On Behalf Of </b>Ahmad
Saleh<br></div><b>Sent:</b> Saturday, November 24, 2007 12:46 AM<div class="Ih2E3d"><br><b>To:</b>
LifeType Developer List<br><b>Subject:</b> Re: [pLog-svn] Anti CSRF
solution<br></div></font><br></div>
<div><div></div><div class="Wj3C7c"><div></div>Hi Mark<br><br>I think you cannot solve the CSRF issue by just checking
the request URL. I know it's a part of the solution but not a solution, because
there are no special characters added to the URL to specify whether it's a CSRF attack
or not. Also, in LifeType you can send parameters by any request method
(GET/POST). <br><br>The easy way which I talked about is to generate a key
on each request and save it in a session (list/queue), then send it to the view (add it
to URLs as "?csrfCode=KKHEIKSI883KF83", or put it in a hidden field in the form).
<br><br>Then check whether the CSRF code is valid in the session list; if so, perform
the process, remove the CSRF key from the session and generate another
one.<br><br><br>Regards,<br> Ahmad<br></div></div></blockquote></div>
<br></blockquote></div><br>
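<div>The scheme Ahmad describes in the quoted message (a key generated per request, kept in a session list, sent to the view as csrfCode, and removed once it has been used), as an added PHP example that is not part of the original thread or of LifeType's code. The function names, the MAX_TOKENS cap, the sample request and the plain array standing in for $_SESSION are assumptions made for the illustration.</div>

```php
<?php
// Added example; function names and MAX_TOKENS are hypothetical, not LifeType code.
const MAX_TOKENS = 20; // assumed cap so the per-session list cannot grow without bound

// Generate an unpredictable key, queue it in the session, return it for the view.
function csrf_issue(array &$session): string
{
    $token = bin2hex(random_bytes(16));
    $session['csrf_tokens'][] = $token;
    // Drop the oldest keys once the queue is full (several forms may be open at once).
    $session['csrf_tokens'] = array_slice($session['csrf_tokens'], -MAX_TOKENS);
    return $token;
}

// Accept the request only if the submitted key is in the session list,
// then remove it so the same key cannot be replayed.
function csrf_consume(array &$session, $submitted): bool
{
    if (!is_string($submitted) || $submitted === '') {
        return false;
    }
    foreach ($session['csrf_tokens'] ?? [] as $i => $known) {
        if (hash_equals($known, $submitted)) { // constant-time comparison
            unset($session['csrf_tokens'][$i]);
            $session['csrf_tokens'] = array_values($session['csrf_tokens']);
            return true;
        }
    }
    return false;
}

// Constructed demo: a plain array stands in for $_SESSION so this runs from the CLI.
$session = [];
$token   = csrf_issue($session);

// The view embeds the key in a hidden field (or as ?csrfCode=... on a link).
$field = '<input type="hidden" name="csrfCode" value="'
       . htmlspecialchars($token, ENT_QUOTES) . '">';

// Parameters may arrive by GET or POST, so the check runs on the merged request.
$request = ['action' => 'example', 'csrfCode' => $token]; // constructed request

var_dump(csrf_consume($session, $request['csrfCode'] ?? null)); // first submit of the issued key
var_dump(csrf_consume($session, $request['csrfCode'] ?? null)); // replay of the same key
var_dump(csrf_consume($session, 'KKHEIKSI883KF83'));            // key that was never issued
```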