Hi Todd

On Fri, 2010-07-16 at 14:31 -0400, Michael Peters wrote:
> On 07/16/2010 02:19 PM, Todd Ross wrote:
>
> > 1) Are there existing Nonce solutions that I might be overlooking?
> > 2) What's the best way to integrate the concept into CGI::Application?
> > (Plugin?)
>
> For both of these you should look at the
> CGI::Application::Plugin::ProtectCSRF module. It might not be exactly
> what you're looking for, but it should give you at least a basis for
> your own solution.

See also
http://from.bz/public/documents/publications/csrf.pdf
and
http://blog.archive.jpsykes.com/47/practical-csrf-and-json-security/

-- 
Ron Savage
http://savage.net.au/
Ph: 0421 920 622

#####  CGI::Application community mailing list  ################
##                                                            ##
##  To unsubscribe, or change your message delivery options,  ##
##  visit:  http://www.erlbaum.net/mailman/listinfo/cgiapp    ##
##                                                            ##
##  Web archive:   http://www.erlbaum.net/pipermail/cgiapp/   ##
##  Wiki:          http://cgiapp.erlbaum.net/                 ##
##                                                            ##
################################################################