Re: Newbie CSRF protection questions

2013-04-14 Thread Russell Keith-Magee
On Sun, Apr 14, 2013 at 4:59 AM, Tom Christie wrote:
> One minor correction worth pointing out...
>
>>> "The first defense against CSRF attacks is to ensure that GET requests are side-effect free." What's meant by "side effect free"?
>>
>> It means that the request

Re: Newbie CSRF protection questions

2013-04-13 Thread Tom Christie
One minor correction worth pointing out...
>> "The first defense against CSRF attacks is to ensure that GET requests are side-effect free." What's meant by "side effect free"?
>
> It means that the request must be idempotent - that if you make the same request on the server multiple times,

Re: Newbie CSRF protection questions

2013-04-12 Thread testbackupacct
Russ, This is a really great explanation of CSRF vulnerabilities, and I think I have a handle on what I need to do now. Thanks for taking the time to spell things out for me. Best, Spork

Re: Newbie CSRF protection questions

2013-04-12 Thread Russell Keith-Magee
On Fri, Apr 12, 2013 at 10:49 AM, wrote:
> Hi,
>
> I'm fairly new to web development and Django, and I'm trying to make sure my application is protected against CSRF attacks. I've read through https://docs.djangoproject.com/en/dev/ref/contrib/csrf/, but I'm not

Newbie CSRF protection questions

2013-04-11 Thread testbackupacct
Hi, I'm fairly new to web development and Django, and I'm trying to make sure my application is protected against CSRF attacks. I've read through https://docs.djangoproject.com/en/dev/ref/contrib/csrf/, but I'm not confident I'm understanding it fully. I'd be very grateful for some