Why not just set a custom cookie, and use that in the form instead of
a session id? Seems a lot less hacky than browser fingerprints, and
On Mar 14, 6:50 am, Aaron Swartz <m...@aaronsw.com> wrote:
> thedod added a cookbook page about CSRF to the wiki:https://github.com/webpy/webpy.github.com/commit/33f34aedc82e040950ca...
> My feelings on this are:
> 1. If code blocks are generally useful, it should be in web.py and not
> web.py's policy on security is generally "secure by default" but it'd
> Then there should be two functions built into templetor, one that
> The main security question is: what's the token? The cookbook page
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.