[Catalyst] preventing Cross Site Request Forgery
Matt S Trout
dbix-class at trout.me.uk
Tue Jun 19 15:47:50 GMT 2007
On Tue, Jun 19, 2007 at 07:11:10AM -0700, Bill Moseley wrote:
> On Tue, Jun 19, 2007 at 04:10:25AM -0500, Jonathan Rockway wrote:
> > http://www.25hoursaday.com/weblog/2007/06/05/WhatRubyOnRailsCanLearnFromASPNET.aspx
> >
> > and realized that Catalyst is just as "vulnerable" as Rails. So, I wrote
> > Catalyst::Plugin::FormCanary to solve the problem. If you care about CSRF,
> > get it from CPAN, load it into your app, and stop worrying :)
>
> Is this much different than Catalyst::Plugin::RequestToken?
Yeah, it comes with an intrusive HTML munger, a complete disregard for
AJAX-induced security holes, a free false sense of security and a silly
name.
Now how could that possibly not be both different -and- better? :)
--
Matt S Trout Need help with your Catalyst or DBIx::Class project?
Technical Director Want a managed development or deployment platform?
Shadowcat Systems Ltd. Contact mst (at) shadowcatsystems.co.uk for a quote
http://chainsawblues.vox.com/ http://www.shadowcatsystems.co.uk/