to make that clearer: On 13 Jan., 14:20, phil <[email protected]> wrote: > Sorry... what? Your answer is somewhat cryptic...
well, you are asking > Is there a way around this with some sort of authentication on the > method? and fred tells you to go rope-skipping: > You're not going to want to have crsf tokens and what not for an api. http://www.crsf.net if you think about it, he probably meant CSRF: http://www.cgisecurity.com/csrf-faq.html and therefor: "no, there is no way around this", because > It doesn't make any sense. so, you have plenty of other possibilities to improve security: > Use http basic, restrict it to requests from the internal network, use api > tokens etc... etc... > The world is your oyster. btw: no offense. i just liked fred's typo ;-) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
