On Monday, April 04, 2011, Laurence Rowe wrote:
> I'd be interested to know how other z3c.form users approach CSRF protection
> and what approach they would recommend.

Hi Lawrence,

I am okay with (1), but find (3) ore attractive. Since I am not familiar with 
the token solution to avoid CSRF attacks, can you briefly describe the sequence 
that is used to avoid those requests? Maybe we can some up with a tightly 
integrated solution. I have no problem with modifying z3c.form to support such 
a feature.

Regards,
Stephan
-- 
Entrepreneur and Software Geek
Google me. "Zope Stephan Richter"
_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
https://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 https://mail.zope.org/mailman/listinfo/zope-announce
 https://mail.zope.org/mailman/listinfo/zope )

Reply via email to