if you are using sf > 1.2 then you just need to set that csrf_secret ...
On Fri, Dec 11, 2009 at 9:38 AM, DEEPAK BHATIA <toreachdee...@gmail.com> wrote: > Hi, > > In the symfony guide, it is given that > > all: > .settings: > # Form security secret (CSRF protection) > csrf_secret: false # Unique secret to enable CSRF protection > or false to disable > # Output escaping settings > escaping_strategy: true # Determines how variables are > made available to templates. Accepted values: on, off. > escaping_method: ESC_SPECIALCHARS # Function or helper used for > escaping. Accepted values: ESC_RAW, ESC_ENTITIES, ESC_JS, > ESC_JS_NO_ENTITIES, and ESC_SPECIALCHARS. > > ==============Question======================================== > > 1. Do I need to install the CSRF plugin or I can simply set the csrf - > unique secret in settings.yml ? > > Thanks > > Deepak Bhatia > > On Fri, Dec 11, 2009 at 12:36 PM, Alexandru-Emil Lupu <gang.al...@gmail.com> > wrote: >> >> By implementing functional tests? Maybe?! >> >> Sent via HTC magic >> >> On Dec 11, 2009 8:51 AM, "DEEPAK BHATIA" <toreachdee...@gmail.com> wrote: >> >> Hi, >> >> We have a plugin to solve the problem of CSRF in Symfony. >> >> http://www.symfony-project.org/plugins/sfCSRFPlugin >> >> How can I check whether this is implemented correctly ? >> >> Regards >> >> Deepak Bhatia >> >> >> -- >> >> You received this message because you are subscribed to the Google Groups >> "symfony users" group. >> To post to this group, send email to symfony-us...@googlegroups.com. >> To unsubscribe from this group, send email to >> symfony-users+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/symfony-users?hl=en. >> >> -- >> >> You received this message because you are subscribed to the Google Groups >> "symfony users" group. >> To post to this group, send email to symfony-us...@googlegroups.com. >> To unsubscribe from this group, send email to >> symfony-users+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/symfony-users?hl=en. > > -- > > You received this message because you are subscribed to the Google Groups > "symfony users" group. > To post to this group, send email to symfony-us...@googlegroups.com. > To unsubscribe from this group, send email to > symfony-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/symfony-users?hl=en. > -- Have a nice day! Alecs As programmers create bigger & better idiot proof programs, so the universe creates bigger & better idiots! I am on web: http://www.alecslupu.ro/ I am on twitter: http://twitter.com/alecslupu I am on linkedIn: http://www.linkedin.com/in/alecslupu Tel: (+4)0748.543.798 -- You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-us...@googlegroups.com. To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en.
