Hello Magnolia Users, is there a way to prepare Magnolia against Cross-Site Request Forgery?
If I create a form on a webpage it contains a form token. That is used for multi-forms as I understand. But also protects against csrf. But in the admin interface the commands are just post requests? Is it possible to add a token to every action from the web interface? There is a parameter mgnlCK. As far as I understand this is just a timestamp? To disable the cache? Could this be used as a security token? Or is there another way to protect Magnolia from csrf? Thanks and regards, Manuel Hirschauer ---------------------------------------------------------------- For list details, see http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to: <[email protected]> ----------------------------------------------------------------
