Re: [Zope-dev] CSRF protection for z3c.form

2011-04-06 Thread Roger
Hi Laurence, Stephan > Subject: Re: [Zope-dev] CSRF protection for z3c.form > > On Wednesday, April 06, 2011, Laurence Rowe wrote: > >def update(self): > >super(Form, self).update() > >self.updateActions() > >

Re: [Zope-dev] CSRF protection for z3c.form

2011-04-06 Thread Laurence Rowe
On 6 April 2011 22:24, Roger wrote: > Hi Laurence > >> Subject: Re: [Zope-dev] CSRF protection for z3c.form >> >> On 6 April 2011 18:43, Roger wrote: >> > Hi Laurence >> > >> >> Subject: Re: [Zope-dev] CSRF protection for z3c.form >> >

Re: [Zope-dev] CSRF protection for z3c.form

2011-04-06 Thread Roger
Hi Laurence > Subject: Re: [Zope-dev] CSRF protection for z3c.form > > On 6 April 2011 18:43, Roger wrote: > > Hi Laurence > > > >> Subject: Re: [Zope-dev] CSRF protection for z3c.form > >> > >> On 4 April 2011 19:16, Roger wrote: > >>

Re: [Zope-dev] CSRF protection for z3c.form

2011-04-06 Thread Laurence Rowe
On 6 April 2011 18:43, Roger wrote: > Hi Laurence > >> Subject: Re: [Zope-dev] CSRF protection for z3c.form >> >> On 4 April 2011 19:16, Roger wrote: >> > Hi Shane >> > >> >> -Original Message- >> >> From: Shane

Re: [Zope-dev] CSRF protection for z3c.form

2011-04-06 Thread Laurence Rowe
On 6 April 2011 18:52, Roger wrote: > Hi Laurence > >> Subject: Re: [Zope-dev] CSRF protection for z3c.form >> >> On 4 April 2011 16:53, Stephan Richter >> wrote: >> > On Monday, April 04, 2011, Laurence Rowe wrote: >> >> The authenticato

Re: [Zope-dev] CSRF protection for z3c.form

2011-04-06 Thread Raphael Ritz
On 4/6/11 7:43 PM, Roger wrote: [..] > I think to protect the form is just a part of a concept. > Another part must be to prevent to inject JavaScript in > user generated content. If an application allows to post > JS in a blog post or comment etc. it should be possible to > use easydmx to read and

Re: [Zope-dev] CSRF protection for z3c.form

2011-04-06 Thread Roger
Hi Laurence > Subject: Re: [Zope-dev] CSRF protection for z3c.form > > On 4 April 2011 16:53, Stephan Richter > wrote: > > On Monday, April 04, 2011, Laurence Rowe wrote: > >> The authenticator is described on > >> http://pypi.python.org/pypi/plone.

Re: [Zope-dev] CSRF protection for z3c.form

2011-04-06 Thread Roger
Hi Laurence > Subject: Re: [Zope-dev] CSRF protection for z3c.form > > On 4 April 2011 19:16, Roger wrote: > > Hi Shane > > > >> -Original Message- > >> From: Shane Hathaway [mailto:sh...@hathawaymix.org] > >> Sent: Monday

Re: [Zope-dev] CSRF protection for z3c.form

2011-04-05 Thread Laurence Rowe
On 4 April 2011 16:53, Stephan Richter wrote: > On Monday, April 04, 2011, Laurence Rowe wrote: >> The authenticator is described on >> http://pypi.python.org/pypi/plone.protect, but basically it adds an >> HMAC-SHA signed token into the form submission. By validating this you >> know that the sub

Re: [Zope-dev] CSRF protection for z3c.form

2011-04-05 Thread Laurence Rowe
'; stephan.rich...@gmail.com >> Subject: Re: [Zope-dev] CSRF protection for z3c.form >> >> On 04/04/2011 10:22 AM, Roger wrote: >> > Just because you can write login forms with z3c.form this >> package has >> > nothing to do with authentication. That's ju

Re: [Zope-dev] CSRF protection for z3c.form

2011-04-04 Thread Roger
Hi Stephan > Subject: Re: AW: [Zope-dev] CSRF protection for z3c.form > > On Monday, April 04, 2011, Roger wrote: > > Authentication is definitely not a part > > of our z3c.form framework and should not become one. > > > > Why do you think authentication has something to do with > the z3c.form >

Re: [Zope-dev] CSRF protection for z3c.form

2011-04-04 Thread Roger
Hi Shane > -Original Message- > From: Shane Hathaway [mailto:sh...@hathawaymix.org] > Sent: Monday, 4 April 2011 19:54 > To: d...@projekt01.ch > Cc: 'Laurence Rowe'; 'zope-dev'; stephan.rich...@gmail.com > Subject: Re: [Zope-dev] CSRF

Re: [Zope-dev] CSRF protection for z3c.form

2011-04-04 Thread Shane Hathaway
On 04/04/2011 10:22 AM, Roger wrote: > Just because you can write login forms with > z3c.form this package has nothing to do with > authentication. That's just a form framework! > > Authentication is definitely not a part > of our z3c.form framework and should not > become one. > > Why do you think a

Re: [Zope-dev] CSRF protection for z3c.form

2011-04-04 Thread Tres Seaver
On 04/04/2011 12:23 PM, Wichert Akkerman wrote: > On 2011-4-4 18:22, Roger wrote: >> Hi Laurence, Stephan >> >> Just because you can write login forms with >> z3c.form this package has nothing to do with >> authentication. That's just a form framework!

Re: [Zope-dev] CSRF protection for z3c.form

2011-04-04 Thread Wichert Akkerman
On 2011-4-4 18:22, Roger wrote: > Hi Laurence, Stephan > > Just because you can write login forms with > z3c.form this package has nothing to do with > authentication. That's just a form framework! > > Authentication is definitely not a part > of our z3c.form framework and should not > become one. >

Re: [Zope-dev] CSRF protection for z3c.form

2011-04-04 Thread Roger
Hi Laurence, Stephan Just because you can write login forms with z3c.form this package has nothing to do with authentication. That's just a form framework! Authentication is definitely not a part of our z3c.form framework and should not become one. Why do you think authentication has something to

Re: [Zope-dev] CSRF protection for z3c.form

2011-04-04 Thread Stephan Richter
On Monday, April 04, 2011, Laurence Rowe wrote: > The authenticator is described on > http://pypi.python.org/pypi/plone.protect, but basically it adds an > HMAC-SHA signed token into the form submission. By validating this you > know that the submission came from a form that your site rendered, > r

Re: [Zope-dev] CSRF protection for z3c.form

2011-04-04 Thread Laurence Rowe
On 4 April 2011 14:57, Stephan Richter wrote: > On Monday, April 04, 2011, Laurence Rowe wrote: >> I'd be interested to know how other z3c.form users approach CSRF protection >> and what approach they would recommend. > > Hi Laurence, > > I am okay with (1), but find (3) more attractive. Since I am

Re: [Zope-dev] CSRF protection for z3c.form

2011-04-04 Thread Stephan Richter
On Monday, April 04, 2011, Laurence Rowe wrote: > I'd be interested to know how other z3c.form users approach CSRF protection > and what approach they would recommend. Hi Laurence, I am okay with (1), but find (3) more attractive. Since I am not familiar with the token solution to avoid CSRF atta