[Zope-dev] CSRF protection for z3c.form

Stephan Richter srichter at cosmos.phy.tufts.edu
Mon Apr 4 09:57:18 EDT 2011


On Monday, April 04, 2011, Laurence Rowe wrote:
> I'd be interested to know how other z3c.form users approach CSRF protection
> and what approach they would recommend.

Hi Lawrence,

I am okay with (1), but find (3) ore attractive. Since I am not familiar with 
the token solution to avoid CSRF attacks, can you briefly describe the sequence 
that is used to avoid those requests? Maybe we can some up with a tightly 
integrated solution. I have no problem with modifying z3c.form to support such 
a feature.

Regards,
Stephan
-- 
Entrepreneur and Software Geek
Google me. "Zope Stephan Richter"


More information about the Zope-Dev mailing list