Okay, Thanks. Will have to do that.

On Wed, Oct 3, 2012 at 9:54 AM, Russell Keith-Magee <russ...@keith-magee.com> wrote:
> On Wed, Oct 3, 2012 at 12:19 PM, Laxmikant Gurnalkar
> <laxmikant.gurnal...@gmail.com> wrote:
> > Hi,
> > Thanks for the suggestion Russell,
> > I never felt insecure when I don't use csrf. Since I have disabled.
> > anyways, Thanks again.
>
> I don't want to appear rude, but I suspect the only reason you don't
> feel insecure is because you don't fully understand the risks.
>
> There's a reason Django has CSRF protection turned on by default. CSRF
> attacks are very real, very common, and very easy to manufacture. If
> you're not taking steps to prevent CSRF attacks, any website you
> produce is potentially at risk. I *strongly* urge you to do some
> research into CSRF attacks, and if you have problems with Django's
> CSRF framework, ask about and solve those problems -- don't just turn
> off CSRF protection and declare that your site works.
>
> Yours,
> Russ Magee %-)
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.

--
* GlxGuru *