On Mon, Feb 16, 2009 at 9:04 AM, [email protected] <[email protected]> wrote: > > Thats sounds fair, but I was thinking rails would actually prevent > this forgery by using a secret key koncept. > >
Yes, but they are protecting from different things. The default route let's people do a GET against the create action and so on. This is should be prevented. steve --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Lovd by Less" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/lovdbyless?hl=en Who loves ya baby? -~----------~----~----~----~------~----~------~--~---
