Re: [symfony-users] CSRF Attacks

Thu, 10 Dec 2009 23:38:45 -0800 

Hi,

In the symfony guide, it is given that

all:
  .settings:
    # Form security secret (CSRF protection)
    csrf_secret:       false     # Unique secret to enable CSRF protection
or false to disable
    # Output escaping settings
    escaping_strategy:      true            # Determines how variables are
made available to templates. Accepted values: on, off.
    escaping_method:        ESC_SPECIALCHARS # Function or helper used for
escaping. Accepted values: ESC_RAW, ESC_ENTITIES, ESC_JS,
ESC_JS_NO_ENTITIES, and ESC_SPECIALCHARS.

==============Question========================================

1. Do I need to install the CSRF plugin or I can simply set the csrf -
unique secret in settings.yml ?

Thanks

Deepak Bhatia

On Fri, Dec 11, 2009 at 12:36 PM, Alexandru-Emil Lupu
<[email protected]>wrote:

> By implementing functional tests? Maybe?!
>
> Sent via HTC magic
>
>   On Dec 11, 2009 8:51 AM, "DEEPAK BHATIA" <[email protected]>
> wrote:
>
> Hi,
>
> We have a plugin to solve the problem of CSRF in Symfony.
>
> http://www.symfony-project.org/plugins/sfCSRFPlugin
>
> How can I check whether this is implemented correctly ?
>
> Regards
>
> Deepak Bhatia
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "symfony users" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected]<symfony-users%[email protected]>
> .
> For more options, visit this group at
> http://groups.google.com/group/symfony-users?hl=en.
>
>    --
> You received this message because you are subscribed to the Google Groups
> "symfony users" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected]<symfony-users%[email protected]>
> .
> For more options, visit this group at
> http://groups.google.com/group/symfony-users?hl=en.
>

--

You received this message because you are subscribed to the Google Groups 
"symfony users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/symfony-users?hl=en.

Reply via email to