I've just added protection against cross-site request forgery attacks
to Rietveld (r466 in SVN HEAD). I know a lot of people are running
their own copy of Rietveld -- you know who you are! I urge you to pick
up this fix to make your site safer.
For more info about XSRF/CSRF (the same thing by two different names),
read the Wikipedia article: http://en.wikipedia.org/wiki/XSRF
--
--Guido van Rossum (home page: http://www.python.org/~guido/)