To avoid the $SECRET-in-URL leaking problem, put $SECRET in a hidden form field that is sent to the server in POST requests to update the configuration, rather than in a leakable URL. (Secrets don't belong in names, no matter how much you want them to.)
Then you'd have a solution identical to the standard CSRF solution for non-cap web apps. It is proven to work well. Of course, making $SECRET short-lived is still a good idea. -- http://noncombatant.org/ _______________________________________________ tahoe-dev mailing list [email protected] http://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
