> -----Original Message-----
> From: Shane Hathaway [mailto:sh...@hathawaymix.org]
> Sent: Monday, 4 April 2011 19:54
> To: d...@projekt01.ch
> Cc: 'Laurence Rowe'; 'zope-dev'; stephan.rich...@gmail.com
> Subject: Re: [Zope-dev] CSRF protection for z3c.form
> On 04/04/2011 10:22 AM, Roger wrote:
> > Just because you can write login forms with z3c.form this package has
> > nothing to do with authentication. That's just a form framework!
> > Authentication is definitely not a part
> > of our z3c.form framework and should not become one.
> > Why do you think authentication has something to do with the z3c.form
> > library? Did I miss something?
> This thread is using the word authenticate differently than
> most other Zope-related discussions. Here, we are
> authenticating the *form*, not the user. We need to be sure
> that submitted form data was produced by an authentic form.
> Otherwise, a crafty site could cause the user's browser to
> invoke some action in the background.
I know what you mean. As long as this is not implemented
in z3c.form I'm fine, because I don't believe in this
kind of protection since I did some very fancy stuff
> BTW, the CSRF issue has existed as long as HTML forms have
> existed, but for some reason it has only drawn attention in
> the past year or two.
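
Added example, not part of this thread and not z3c.form code: one way to "authenticate the form" as the quoted message describes, using a server-side HMAC token bound to the user's session and the form name. The names `SERVER_KEY`, `MAX_AGE`, `issue_form_token` and `verify_form_token` are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: a per-deployment secret that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)
MAX_AGE = 3600  # assumed policy: a rendered form stays valid for one hour


def _mac(session_id, form_name, ts):
    # Length-prefix each part so ("ab", "c") and ("a", "bc") cannot collide.
    parts = (session_id.encode(), form_name.encode(), ts.encode())
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_form_token(session_id, form_name, now=None):
    """Return 'timestamp:mac' to embed as a hidden field when rendering the form."""
    ts = str(int(time.time() if now is None else now))
    return ts + ":" + _mac(session_id, form_name, ts)


def verify_form_token(session_id, form_name, token, now=None):
    """True only if the token was issued for this session and form and is fresh."""
    now = time.time() if now is None else now
    ts, sep, mac = (token or "").partition(":")
    # Reject missing, malformed or oversized timestamps before parsing them.
    if not sep or not (ts.isascii() and ts.isdigit()) or len(ts) > 12:
        return False
    expected = _mac(session_id, form_name, ts)
    # Constant-time comparison on bytes; a page on another site cannot read
    # the hidden field, so it cannot supply a matching value.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False
    return 0 <= now - int(ts) <= MAX_AGE
```
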
Zope-Dev maillist - Zope-Dev@zope.org