[cgiapp] FormKeys / Nonce
Ron Savage
ron at savage.net.au
Fri Jul 16 20:07:41 EDT 2010
Hi Todd
On Fri, 2010-07-16 at 14:31 -0400, Michael Peters wrote:
> On 07/16/2010 02:19 PM, Todd Ross wrote:
>
> > 1) Are there existing Nonce solutions that I might be overlooking?
> > 2) What's the best way to integrate the concept into CGI::Application?
> > (Plugin?)
>
> For both of these you should look at the
> CGI::Application::Plugin::ProtectCSRF module. It might not be exactly
> what you're looking for, but it should give you at least a basis for
> your own solution.
See also http://from.bz/public/documents/publications/csrf.pdf
and http://blog.archive.jpsykes.com/47/practical-csrf-and-json-security/
--
Ron Savage
http://savage.net.au/
Ph: 0421 920 622