On Thu, Apr 1, 2010 at 7:20 AM, Jeff Lewis wrote:
> This seems like a non-issue to me that can and should be handled by
> the developer of the app, regardless of what lang/framework you're
> using, by following basic best-practices for securing your app against
> csrf or sql-injection or ... atta
This seems like a non-issue to me that can and should be handled by
the developer of the app, regardless of what lang/framework you're
using, by following basic best-practices for securing your app against
csrf or sql-injection or ... attack.
So in your post example, if you didn't want to restrict
On Thu, Apr 1, 2010 at 1:08 AM, Frederick Cheung wrote:
> Without getting into the debate about how idempotent GET requests
> really are I'd suspect that these days most people are using restful
> routes. If you use restful routes and remove the default route then
> it's not possible to invoke (eg)
On Apr 1, 1:52 am, JSW wrote:
> How many rails developers do we think put a POST-method validation
> filter around all their form processing code, and yet expect
> protect_from_forgery still somehow protects the actions?
>
Without getting into the debate about how idempotent GET requests
reall