[Catalyst] CSRF

Wade.Stuart at fallon.com Wade.Stuart at fallon.com
Tue Sep 30 17:40:40 BST 2008



Dave Howorth <dhoworth at mrc-lmb.cam.ac.uk> wrote on 09/30/2008 10:23:10 AM:

> There's an interesting paper on CSRF mentioned on slashdot today:
> <http://www.freedom-to-tinker.com/sites/default/files/csrf.pdf>
>
> It mentions Catalyst along with some other frameworks and suggests a way
> to build in CSRF-protection.
>
> Cheers, Dave
>

I really don't understand why they even reference Catalyst.  CSRF is a
generalized issue -- whether you use Catalyst or hand spun assembly for a
webapp the same protections are needed.   Seems like a cheap way (listing a
bunch of frameworks in a security paper) to gain cheap traffic on your
paper.

-Wade




More information about the Catalyst mailing list