I was just reviewing a Rails application when I stumbled upon Rails' authenticity_token which guards against CSRF. Why don't we have something like that? ;)
There are several approaches to this, so a student's task would be to evaluate them, discuss them with the community and implement the one chosen.

Uli
