[Zope-dev] CSRF protection for z3c.form
Stephan Richter
srichter at cosmos.phy.tufts.edu
Mon Apr 4 09:57:18 EDT 2011
On Monday, April 04, 2011, Laurence Rowe wrote:
> I'd be interested to know how other z3c.form users approach CSRF protection
> and what approach they would recommend.
Hi Lawrence,
I am okay with (1), but find (3) ore attractive. Since I am not familiar with
the token solution to avoid CSRF attacks, can you briefly describe the sequence
that is used to avoid those requests? Maybe we can some up with a tightly
integrated solution. I have no problem with modifying z3c.form to support such
a feature.
Regards,
Stephan
--
Entrepreneur and Software Geek
Google me. "Zope Stephan Richter"
More information about the Zope-Dev
mailing list