On 6/4/10 09:28 , Andreas Jung wrote:
> recommended approach for
> protecting a BFG app against XSS and CSRF?
Below is the code I use. The basic idea is that my users have a 'secret'
attribute which is reset every time they login. This value is included
in all forms in a hidden csrf_token field
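The code the reply refers to does not survive on this page. What follows is an added example, not the poster's code and not a repoze.bfg API: a plain-Python sketch of the scheme the reply describes (a per-user secret regenerated at login, emitted as a hidden csrf_token field in every form, and checked on every state-changing request). The User, csrf_field, check_csrf and handle_post names and the dict-based form are assumptions made for illustration.

```python
import hmac
import secrets
from html import escape


class User:
    """Minimal stand-in for the application's user object (assumed name)."""

    def __init__(self, username):
        self.username = username
        self.secret = None  # no valid CSRF secret until the user logs in

    def login(self):
        # The reply's key design point: the secret is regenerated on every
        # login, so a token captured from an earlier session stops working.
        self.secret = secrets.token_urlsafe(32)
        return self.secret


def csrf_field(user):
    """Hidden input to embed in every form rendered for this user."""
    if user.secret is None:
        raise ValueError("user is not logged in; no CSRF secret to emit")
    # Escape the value like any other output; the token lands inside an
    # attribute, so this is the XSS hygiene the scheme itself needs.
    return '<input type="hidden" name="csrf_token" value="%s">' % escape(
        user.secret, quote=True)


def check_csrf(user, form):
    """True only if the submitted csrf_token matches the user's current secret."""
    token = form.get("csrf_token")
    if user.secret is None or not isinstance(token, str) or not token:
        return False
    # Constant-time comparison; encode to bytes so non-ASCII input cannot
    # make compare_digest raise instead of returning False.
    return hmac.compare_digest(token.encode("utf-8"),
                               user.secret.encode("utf-8"))


def handle_post(user, form):
    """Gate a state-changing handler on the token check (hypothetical handler)."""
    if not check_csrf(user, form):
        return "403 Forbidden"
    return "200 OK: updated %s" % user.username


if __name__ == "__main__":
    alice = User("alice")
    alice.login()
    print(csrf_field(alice))
    print(handle_post(alice, {"csrf_token": alice.secret}))  # 200 OK
    print(handle_post(alice, {}))                            # 403 Forbidden
```

Because the secret is tied to the user and replaced at each login, a token lifted from a page rendered before a re-login is rejected afterwards, and a token issued to one user never validates for another; the check must run on every POST handler, since a single unprotected handler is enough for the attack.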
Hi there,
Well, the subject says it all. Is there some recommended approach for
protecting a BFG app against XSS and CSRF?
I looked at plone.protect - but at least inside a buildout it tries to
pull in a complete Zope 2 egg :->
Andreas
--
ZOPYX L