PEAK XOOPS - under the topic of against CSRF... in englishin japanese

Archive | RSS |
PHP : under the topic of against CSRF...
Poster : GIJOE on 2006-05-31 06:08:21 (9053 reads)

in englishin japanese
It is non-sense to check "Time-out error" or "Ticket" error in Wiki editing.
These checks make users much impatience.

The "rerversibility" is the most important to think about "anti-CSRF".

If a web application has a reversibility in editing, it is not necessary to add Ticket nor Referer checking in transaction stage for posting.

Wiki is a well-desinged application from this point of view.

We should design applications with reversibilities as possible.

Printer friendly page Send this story to a friend

Comments list

Username or e-mail:


Remember Me

Lost Password?

Register now!