Thanks

I am using Symfony 1.1.

I have checked XSS attack by enabling the flag in the settings.yml.

But for CSRF I have to use the plugin and use filters.yml for the same.

Regards

Deepak Bhatia



On Fri, Dec 11, 2009 at 1:16 PM, Alexandru-Emil Lupu <gang.al...@gmail.com> wrote:

> sorry i meant >=
>
> On Fri, Dec 11, 2009 at 9:45 AM, Dennis Benkert
> <spinecras...@googlemail.com> wrote:
> > This also works with symfony 1.2 :)
> >
> > On 11.12.2009 at 08:41, Alexandru-Emil Lupu <gang.al...@gmail.com> wrote:
> >
> >> if you are using sf > 1.2 then you just need to set that
> >> csrf_secret ...
> >>
> >> On Fri, Dec 11, 2009 at 9:38 AM, DEEPAK BHATIA <toreachdee...@gmail.com> wrote:
> >>> Hi,
> >>>
> >>> In the symfony guide, it is given that
> >>>
> >>> all:
> >>>   .settings:
> >>>     # Form security secret (CSRF protection)
> >>>     csrf_secret:       false     # Unique secret to enable CSRF protection or false to disable
> >>>     # Output escaping settings
> >>>     escaping_strategy:      true            # Determines how variables are made available to templates. Accepted values: on, off.
> >>>     escaping_method:        ESC_SPECIALCHARS # Function or helper used for escaping. Accepted values: ESC_RAW, ESC_ENTITIES, ESC_JS, ESC_JS_NO_ENTITIES, and ESC_SPECIALCHARS.
> >>>
> >>> ==============Question========================================
> >>>
> >>> 1. Do I need to install the CSRF plugin or I can simply set the csrf - unique secret in settings.yml ?
> >>>
> >>> Thanks
> >>>
> >>> Deepak Bhatia
> >>>
> >>> On Fri, Dec 11, 2009 at 12:36 PM, Alexandru-Emil Lupu <gang.al...@gmail.com> wrote:
> >>>>
> >>>> By implementing functional tests? Maybe?!
> >>>>
> >>>> Sent via HTC magic
> >>>>
> >>>> On Dec 11, 2009 8:51 AM, "DEEPAK BHATIA" <toreachdee...@gmail.com>
> >>>> wrote:
> >>>>
> >>>> Hi,
> >>>>
> >>>> We have a plugin to solve the problem of CSRF in Symfony.
> >>>>
> >>>> http://www.symfony-project.org/plugins/sfCSRFPlugin
> >>>>
> >>>> How can I check whether this is implemented correctly ?
> >>>>
> >>>> Regards
> >>>>
> >>>> Deepak Bhatia
> >>>>
> >>>>
> >>>> --
> >>>>
> >>>> You received this message because you are subscribed to the Google Groups "symfony users" group.
> >>>> To post to this group, send email to symfony-us...@googlegroups.com.
> >>>> To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com.
> >>>> For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en.
> >>
> >>
> >>
> >> --
> >> Have a nice day!
> >> Alecs
> >>
> >> As programmers create bigger & better idiot proof programs, so the
> >> universe creates bigger & better idiots!
> >> I am on web:  http://www.alecslupu.ro/
> >> I am on twitter: http://twitter.com/alecslupu
> >> I am on linkedIn: http://www.linkedin.com/in/alecslupu
> >> Tel: (+4)0748.543.798
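
A settings check in the spirit of the question asked in this thread, as an added example that is not part of the original messages or of symfony itself: it reads the `csrf_secret` and `escaping_strategy` keys from a settings.yml shaped like the quoted fragment and reports which protections are switched off. The sample file, its `prod` override, the environment merge and the treatment of a missing key as "off" are assumptions made for the illustration.

```python
import re

# Constructed sample modelled on the settings.yml fragment quoted in the thread.
# The prod section and its secret are placeholders, not values from the page.
SAMPLE = """\
all:
  .settings:
    # Form security secret (CSRF protection)
    csrf_secret:       false     # Unique secret to enable CSRF protection or false to disable
    escaping_strategy: true      # Accepted values: on, off.
    escaping_method:   ESC_SPECIALCHARS
prod:
  .settings:
    csrf_secret:       Un1qu3S3cr3t-constructed   # placeholder value
"""

# Values treated as "disabled" by this check (assumption for the example).
DISABLED = {"", "false", "off", "no", "~", "null"}

def parse_settings(text):
    """Return {environment: {key: value}} for the simple nested layout above."""
    envs, env = {}, None
    for raw in text.splitlines():
        line = re.sub(r"\s+#.*$", "", raw).rstrip()   # drop comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        key, _, value = line.strip().partition(":")
        if not line.startswith(" "):                   # top-level key names an environment
            env = envs.setdefault(key, {})
        elif env is not None and key != ".settings":
            env[key] = value.strip().strip("'\"")
    return envs

def audit(text, env="prod"):
    """List findings for one environment, with 'all' supplying the defaults."""
    envs = parse_settings(text)
    merged = {**envs.get("all", {}), **envs.get(env, {})}
    findings = []
    if merged.get("csrf_secret", "false").lower() in DISABLED:
        findings.append("csrf_secret is false or not set: no CSRF secret configured")
    if merged.get("escaping_strategy", "off").lower() in DISABLED:
        findings.append("escaping_strategy is off or not set: output escaping disabled")
    return findings

if __name__ == "__main__":
    for name in ("dev", "prod"):
        print(name, audit(SAMPLE, name) or "ok")
```

A clean result only shows that the settings are present; whether a form actually rejects a request without a valid token still needs the functional test suggested in the thread.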