Hello,
We're looking to increase our application security foundation by adding Nonces
to our HTML forms. A Nonce is a one-use token, generated with the form and
validated with the submission, that helps to mitigate CSRF (cross site request
forgery) attacks. A quick search of CPAN doesn't
On 07/16/2010 02:19 PM, Todd Ross wrote:
1) Are there existing Nonce solutions that I might be overlooking?
2) What's the best way to integrate the concept into CGI::Application?
(Plugin?)
For both of these you should look at the
CGI::Application::Plugin::ProtectCSRF module. It might not be
Hi Todd
On Fri, 2010-07-16 at 14:31 -0400, Michael Peters wrote:
On 07/16/2010 02:19 PM, Todd Ross wrote:
1) Are there existing Nonce solutions that I might be overlooking?
2) What's the best way to integrate the concept into CGI::Application?
(Plugin?)
For both of these you should