if you are using sf > 1.2 then you just need to set that csrf_secret ...
On Fri, Dec 11, 2009 at 9:38 AM, DEEPAK BHATIA <[email protected]> wrote: > Hi, > > In the symfony guide, it is given that > > all: > .settings: > # Form security secret (CSRF protection) > csrf_secret: false # Unique secret to enable CSRF protection > or false to disable > # Output escaping settings > escaping_strategy: true # Determines how variables are > made available to templates. Accepted values: on, off. > escaping_method: ESC_SPECIALCHARS # Function or helper used for > escaping. Accepted values: ESC_RAW, ESC_ENTITIES, ESC_JS, > ESC_JS_NO_ENTITIES, and ESC_SPECIALCHARS. > > ==============Question======================================== > > 1. Do I need to install the CSRF plugin or I can simply set the csrf - > unique secret in settings.yml ? > > Thanks > > Deepak Bhatia > > On Fri, Dec 11, 2009 at 12:36 PM, Alexandru-Emil Lupu <[email protected]> > wrote: >> >> By implementing functional tests? Maybe?! >> >> Sent via HTC magic >> >> On Dec 11, 2009 8:51 AM, "DEEPAK BHATIA" <[email protected]> wrote: >> >> Hi, >> >> We have a plugin to solve the problem of CSRF in Symfony. >> >> http://www.symfony-project.org/plugins/sfCSRFPlugin >> >> How can I check whether this is implemented correctly ? >> >> Regards >> >> Deepak Bhatia >> >> >> -- >> >> You received this message because you are subscribed to the Google Groups >> "symfony users" group. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/symfony-users?hl=en. >> >> -- >> >> You received this message because you are subscribed to the Google Groups >> "symfony users" group. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/symfony-users?hl=en. > > -- > > You received this message because you are subscribed to the Google Groups > "symfony users" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/symfony-users?hl=en. > -- Have a nice day! Alecs As programmers create bigger & better idiot proof programs, so the universe creates bigger & better idiots! I am on web: http://www.alecslupu.ro/ I am on twitter: http://twitter.com/alecslupu I am on linkedIn: http://www.linkedin.com/in/alecslupu Tel: (+4)0748.543.798 -- You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en.
