-- Tom Graham <[email protected]> wrote
(on Sunday, 01 March 2009, 05:07 PM +0000):
> I recently wrote a blog post about how I now use Zend_Form_Element_Hash,
> I hope someone might find it interesting/useful.
>
> http://www.noginn.com/2009/03/01/preventing-csrf-properly/
>
> I have outlined some issues with the standard approach and how to better
> tackle invalid CSRF tokens.

This is a great writeup. Obviously, it's not something we can do
generically within Zend_Form, but I'd love to add that example to the
manual. Any objections?

-- 
Matthew Weier O'Phinney
Software Architect | [email protected]
Zend Framework     | http://framework.zend.com/
