Hi absalito,

I'm already familiar with the topic in general, but thanks for mentioning Wikipedia because of: "The attacker must determine the right values for all the form's or URL's inputs". To my understanding, this means URLs are a valid possibility to request actions that change data, therefore they need protection.

Did you read the mentioned ticket? I guess this is a very good explanation of what my concern is all about. So, the question above is not about CSRF in general but rather why links aren't protected with CSRF in symfony.

Kind regards
Enrico

On 20 Jan., 22:46, absalito <[email protected]> wrote:
> "CSRF" is about protecting forms of "spamming", adding a field generated at runtime that identifies the form as unique.
> If the form is used otherwise than through the application, the field for "csrf" will not be valid, and therefore it will be identified as an attack.
> See it on Wikipedia:
>
> http://en.wikipedia.org/wiki/Cross-site_request_forgery
>
> I apologize for my horrible English.. I'm using Google Translator :)
>
> On Jan 20, 5:06 pm, Enrico Stahn <[email protected]> wrote:
>
> > Hello,
> >
> > I've wondered if it is uncommon to protect "normal" links against attackers. I have found a feature request for this issue but no response since one year.
> >
> > http://trac.symfony-project.org/ticket/5742
> >
> > Maybe I misunderstood the concept of CSRF in this case. Could somebody give me clarification about this?
> >
> > Thanks
> > Enrico
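The kind of link protection asked about in this thread, as an added example that is not part of the original messages and is not symfony's own code: a per-session secret signs each state-changing URL, and the server checks that signature before acting. The function names, the `_token` parameter and the sample paths are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers (not a symfony API). $secret is a random value
// generated once per session and kept server-side only.

function linkToken(string $secret, string $action): string
{
    // Bind the token to one action path so a token issued for one link
    // cannot authorise a different state-changing action.
    return hash_hmac('sha256', $action, $secret);
}

function protectedUrl(string $secret, string $path, array $params = []): string
{
    $params['_token'] = linkToken($secret, $path);
    return $path . '?' . http_build_query($params);
}

function isValidRequest(string $secret, string $path, array $query): bool
{
    $given = $query['_token'] ?? '';
    // Reject a missing token and array input such as `_token[]=x`.
    if (!is_string($given) || $given === '') {
        return false;
    }
    // Constant-time comparison against the token expected for this action.
    return hash_equals(linkToken($secret, $path), $given);
}

// Constructed demonstration values.
$secret = bin2hex(random_bytes(32));       // would live in the user's session
$url    = protectedUrl($secret, '/article/delete', ['id' => 42]);
parse_str((string) parse_url($url, PHP_URL_QUERY), $query);

// Link generated by the application for this session and action.
var_dump(isValidRequest($secret, '/article/delete', $query));
// Same token presented for a different action.
var_dump(isValidRequest($secret, '/article/publish', $query));
// Cross-site link that carries no token at all.
var_dump(isValidRequest($secret, '/article/delete', ['id' => '42']));
// Token presented under another user's session secret.
var_dump(isValidRequest(bin2hex(random_bytes(32)), '/article/delete', $query));
```

A token carried in a URL ends up in browser history, server logs and Referer headers, so sending state-changing requests as POST with a form token remains the more robust design.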
