[Repoze-dev] ZCA registries

2010-06-04 Thread Chris Withers
Hi All,

Firstly, a few comments on the book chapter relating to this:

- The example on page 233 and the first one on page 234 both import getGlobalSiteManager even though it's not used in the example.
- The example on page 235 calls hook_zca() even though I believe this has the opposite effect

Re: [Repoze-dev] Best practice approach for protection against cross-site-scripting and cross-site request forgery

2010-06-04 Thread Wichert Akkerman
On 6/4/10 09:28, Andreas Jung wrote:
> recommended approach for protecting a BFG app against XSS and CSRF?

Below is the code I use. The basic idea is that my users have a 'secret' attribute which is reset every time they log in. This value is included in all forms in a hidden csrf_token field

[Repoze-dev] Best practice approach for protection against cross-site-scripting and cross-site request forgery

2010-06-04 Thread Andreas Jung
Hi there, well the subject says it all... is there some recommended approach for protecting a BFG app against XSS and CSRF? I looked at plone.protect - but at least inside a buildout it tries to pull in a complete Zope 2 egg :-> Andreas -- ZOPYX L