Hi All,
First, the important question: If I use
http://docs.pylonsproject.org/projects/pyramid/1.0/narr/sessions.html#using-the-default-session-factory
is the CSRF protection provided by
http://docs.pylonsproject.org/projects/pyramid/1.0/narr/sessions.html#preventing-cross-site-request-forgery-attacks
still secure and effective?
The less important question: which tracker should I use for
documentation feature requests?
It sounds like
http://docs.pylonsproject.org/projects/pyramid/1.0/narr/sessions.html#preventing-cross-site-request-forgery-attacks
is important, but without a worked example of the dangerous use case,
and that same example shown with session.get_csrf_token saving the day,
I struggle to follow it.
Ideally, I guess I'd like an example with a template and a view, showing
what could happen and the workflow of using the CSRF protection stuff...
cheers,
Chris
--
Simplistix - Content Management, Batch Processing & Python Consulting
- http://www.simplistix.co.uk
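
The workflow asked about above, as an added example that is not part of the original post and is not Pyramid's own code. It is a stdlib-only sketch: the Session class is a stand-in for a Pyramid session (only get_csrf_token and new_csrf_token are modelled), and the view names, form field name, storage key and sample requests are constructed for illustration.

```python
import hmac
import secrets


class Session(dict):
    """Stand-in for a Pyramid session; the storage key is an assumption."""

    def new_csrf_token(self):
        self["csrf"] = secrets.token_hex(20)
        return self["csrf"]

    def get_csrf_token(self):
        # Reuse the token already in the session, or mint one on first use.
        return self.get("csrf") or self.new_csrf_token()


# Template: the token travels in a hidden field of the site's own form.
FORM = (
    '<form method="POST" action="/transfer">'
    '<input type="hidden" name="csrf_token" value="{token}">'
    '<input name="to"><input name="amount"></form>'
)


def form_view(session):
    """GET view: render the form with the session's token embedded."""
    return FORM.format(token=session.get_csrf_token())


def _transfer(post):
    return "sent {amount} to {to}".format(**post)


def transfer_unprotected(session, post):
    """Dangerous case: the session cookie alone authorises the change.
    The browser attaches that cookie to any POST, including one submitted
    from a page on another site."""
    return _transfer(post)


def transfer_protected(session, post):
    """POST view: require the token a foreign page cannot read."""
    expected = session.get_csrf_token().encode()
    supplied = post.get("csrf_token", "").encode()
    if not hmac.compare_digest(expected, supplied):
        return "403 Forbidden"
    return _transfer(post)
```

A cross-site form post reaches the server with the user's session but without the token, so the protected view rejects it while the unprotected view carries it out.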