4 Apr
2011
4 Apr
'11
1:57 p.m.
On Monday, April 04, 2011, Laurence Rowe wrote:
I'd be interested to know how other z3c.form users approach CSRF protection and what approach they would recommend.
Hi Lawrence, I am okay with (1), but find (3) ore attractive. Since I am not familiar with the token solution to avoid CSRF attacks, can you briefly describe the sequence that is used to avoid those requests? Maybe we can some up with a tightly integrated solution. I have no problem with modifying z3c.form to support such a feature. Regards, Stephan -- Entrepreneur and Software Geek Google me. "Zope Stephan Richter"