Hi, I am working with the restful_authentication plugin, a fresh install from today.

In the users_controller one can read the following:

---
There's no page here to update or destroy a user. If you add those, be smart -- make sure you check that the visitor is authorized to do so, that they supply their old password along with a new one to update it, etc.
---

I thought Rails had CSRF protection when submitting forms. Can it be hacked? If that is the case, this means that even for adding/removing/editing entries, an admin will be required to enter his password for each action he takes.

What do you think?

--
Posted via http://www.ruby-forum.com/.

