[Catalyst] preventing Cross Site Request Forgery

Matt S Trout dbix-class at trout.me.uk
Tue Jun 19 15:47:50 GMT 2007

On Tue, Jun 19, 2007 at 07:11:10AM -0700, Bill Moseley wrote:
> On Tue, Jun 19, 2007 at 04:10:25AM -0500, Jonathan Rockway wrote:
> > http://www.25hoursaday.com/weblog/2007/06/05/WhatRubyOnRailsCanLearnFromASPNET.aspx
> > 
> > and realized that Catalyst is just as "vulnerable" as Rails.  So, I wrote 
> > Catalyst::Plugin::FormCanary to solve the problem.  If you care about CSRF, 
> > get it from CPAN, load it into your app, and stop worrying :)
> Is this much different than Catalyst::Plugin::RequestToken?

Yeah, it comes with an instrusive HTML munger, a complete disregard for
AJAX-induced security holes, a free false sense of security and a silly

Now how could that possibly not be both different -and- better? :)

      Matt S Trout       Need help with your Catalyst or DBIx::Class project?
   Technical Director    Want a managed development or deployment platform?
 Shadowcat Systems Ltd.  Contact mst (at) shadowcatsystems.co.uk for a quote
http://chainsawblues.vox.com/             http://www.shadowcatsystems.co.uk/ 

More information about the Catalyst mailing list