Oops. Meant to send this to the list. Is anyone successfully using CGI::Application::Plugin::ProtectCSRF?
Todd ----- Forwarded Message ---- From: Todd Ross <[email protected]> To: Michael Peters <[email protected]> Sent: Mon, July 19, 2010 10:48:30 AM Subject: Re: [cgiapp] FormKeys / Nonce Thanks for the reference Michael. Unfortunately, I can't even get the module installed, so it's difficult for me to evaluate. [myuse...@myunixserver:~/cgitemp/CGI-Application-Plugin-ProtectCSRF-1.01]> export PERL5LIB=$PERL5LIB:/home/myuserid/build/perl-addons/inst/usr/local/lib/perl5:/home/myuserid/build/perl-addons/inst/usr/local/lib/perl5/site_perl [myuse...@myunixserver:~/cgitemp/CGI-Application-Plugin-ProtectCSRF-1.01]> perl Makefile.PL DESTDIR=/tmp/temp_perl Checking if your kit is complete... Looks good Writing Makefile for CGI::Application::Plugin::ProtectCSRF [myuse...@myunixserver:~/cgitemp/CGI-Application-Plugin-ProtectCSRF-1.01]> make [myuse...@myunixserver:~/cgitemp/CGI-Application-Plugin-ProtectCSRF-1.01]> make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/00.load.....................ok t/01.csrf_error...............ok t/02.publish_csrf_ticket......ok t/03.protect_csrf.............ok t/04.protect_csrf_error.......ok t/perlcritic..................skipped: Test::Perl::Critic required for testing PBP compliance t/pod-coverage................ok t/pod.........................ok All tests successful. Files=8, Tests=8, 5 wallclock secs ( 0.09 usr 0.06 sys + 1.92 cusr 0.66 csys = 2.73 CPU) Result: PASS [myuse...@myunixserver:~/cgitemp/CGI-Application-Plugin-ProtectCSRF-1.01]> make install Writing /tmp/temp_perl/usr/local/lib/perl5/site_perl/5.8.8/sun4-solaris/auto/CGI/Application/Plugin/ProtectCSRF/.packlist Appending installation info to /tmp/temp_perl/usr/local/lib/perl5/5.8.8/sun4-solaris/perllocal.pod [myuse...@myunixserver:~/cgitemp/CGI-Application-Plugin-ProtectCSRF-1.01]> find /tmp/temp_perl /tmp/temp_perl /tmp/temp_perl/lib /tmp/temp_perl/lib/perl5 /tmp/temp_perl/lib/perl5/site_perl /tmp/temp_perl/lib/perl5/site_perl/5.8.8 /tmp/temp_perl/lib/perl5/site_perl/5.8.8/sun4-solaris /tmp/temp_perl/lib/perl5/site_perl/5.8.8/sun4-solaris/auto /tmp/temp_perl/lib/perl5/site_perl/5.8.8/sun4-solaris/auto/CGI /tmp/temp_perl/lib/perl5/site_perl/5.8.8/sun4-solaris/auto/CGI/Application /tmp/temp_perl/lib/perl5/site_perl/5.8.8/sun4-solaris/auto/CGI/Application/Plugin /tmp/temp_perl/lib/perl5/site_perl/5.8.8/sun4-solaris/auto/CGI/Application/Plugin/ProtectCSRF /tmp/temp_perl/lib/perl5/site_perl/5.8.8/sun4-solaris/auto/CGI/Application/Plugin/ProtectCSRF/.packlist /tmp/temp_perl/lib/perl5/5.8.8 /tmp/temp_perl/lib/perl5/5.8.8/sun4-solaris /tmp/temp_perl/lib/perl5/5.8.8/sun4-solaris/perllocal.pod /tmp/temp_perl/usr /tmp/temp_perl/usr/local /tmp/temp_perl/usr/local/lib /tmp/temp_perl/usr/loc al/lib/perl5 /tmp/temp_perl/usr/local/lib/perl5/site_perl /tmp/temp_perl/usr/local/lib/perl5/site_perl/5.8.8 /tmp/temp_perl/usr/local/lib/perl5/site_perl/5.8.8/sun4-solaris /tmp/temp_perl/usr/local/lib/perl5/site_perl/5.8.8/sun4-solaris/auto /tmp/temp_perl/usr/local/lib/perl5/site_perl/5.8.8/sun4-solaris/auto/CGI /tmp/temp_perl/usr/local/lib/perl5/site_perl/5.8.8/sun4-solaris/auto/CGI/Application /tmp/temp_perl/usr/local/lib/perl5/site_perl/5.8.8/sun4-solaris/auto/CGI/Application/Plugin /tmp/temp_perl/usr/local/lib/perl5/site_perl/5.8.8/sun4-solaris/auto/CGI/Application/Plugin/ProtectCSRF /tmp/temp_perl/usr/local/lib/perl5/site_perl/5.8.8/sun4-solaris/auto/CGI/Application/Plugin/ProtectCSRF/.packlist /tmp/temp_perl/usr/local/lib/perl5/5.8.8 /tmp/temp_perl/usr/local/lib/perl5/5.8.8/sun4-solaris /tmp/temp_perl/usr/local/lib/perl5/5.8.8/sun4-solaris/perllocal.pod The distribution doesn't even install its own modules. CPAN makes me sad sometimes. Todd ________________________________ From: Michael Peters <[email protected]> To: CGI Application <[email protected]> Cc: Todd Ross <[email protected]> Sent: Fri, July 16, 2010 1:31:12 PM Subject: Re: [cgiapp] FormKeys / Nonce On 07/16/2010 02:19 PM, Todd Ross wrote: > 1) Are there existing Nonce solutions that I might be overlooking? > 2) What's the best way to integrate the concept into CGI::Application? > (Plugin?) For both of these you should look at the CGI::Application::Plugin::ProtectCSRF module. It might not be exactly what you're looking for, but it should give you at least a basis for your own solution. -- Michael Peters Plus Three, LP ##### CGI::Application community mailing list ################ ## ## ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp ## ## ## ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ## ## ################################################################
