Ticket #478 (assigned enhancement)

Opened 6 months ago

Last modified 1 month ago

jforms: support of protection against CSRF

Reported by: laurentj Assigned to: laurentj (accepted)
Priority: highest Milestone: Jelix 1.1 beta 2
Component: jelix:forms Version: 1.0.2
Severity: major Keywords:
Cc: Php version:
Review: Hosting Provider:
Documentation needed: 0 Blocking:
Blocked By: 479

Description

for CSRF, see http://fr.wikipedia.org/wiki/Cross-Site_Request_Forgeries.

We could have an attribute in a jform file, to says if we want to activate CSRF protection. So a token will be generated during the creation of the form, and its validity will be checked.

Change History

06/09/08 22:18:26 changed by laurentj

  • priority changed from normal to highest.
  • status changed from new to assigned.
  • owner set to laurentj.
  • milestone set to Jelix 1.1 beta 1.

07/02/08 10:04:30 changed by bballizlife

Why not having this protection activated by default ?

07/19/08 00:40:17 changed by laurentj

  • milestone changed from Jelix 1.1 beta 1 to Jelix 1.1 beta 2.
Download in other formats: Comma-delimited Text Tab-delimited Text RSS Feed