Hello All, I posted this on the user list but maybe this is more appropriate here.
Is there a way to prepare Magnolia against Cross-Site Request Forgery? If I create a form on a webpage, it contains a form token. That is used for multi-forms, as I understand, but it also protects against CSRF. But in the admin interface the commands are just POST requests? Is it possible to add a token to every action from the web interface?

There is a parameter mgnlCK. As far as I understand, this is just a timestamp? To disable the cache? Could this be used as a security token? Or is there another way to protect Magnolia from CSRF?

Is there a solution for the enterprise edition maybe? Or a future Magnolia version (as of now I am using 4.4.4)?

Thanks and regards,
Manuel Hirschauer