Dave Howorth <[EMAIL PROTECTED]> wrote on 09/30/2008 10:23:10 AM:
> There's an interesting paper on CSRF mentioned on slashdot today: > <http://www.freedom-to-tinker.com/sites/default/files/csrf.pdf> > > It mentions Catalyst along with some other frameworks and suggests a way > to build in CSRF-protection. > > Cheers, Dave > I really don't understand why they even reference Catalyst. CSRF is a generalized issue -- whether you use Catalyst or hand spun assembly for a webapp the same protections are needed. Seems like a cheap way (listing a bunch of frameworks in a security paper) to gain cheap traffic on your paper. -Wade _______________________________________________ List: [email protected] Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[email protected]/ Dev site: http://dev.catalyst.perl.org/
