On the topic of countermeasures against CSRF...

Date 2006-05-31 06:08:21 | Category: PHP

It is nonsense to check for a "Time-out error" or a "Ticket error" in Wiki editing.
These checks make users very impatient.

"Reversibility" is the most important thing to think about in "anti-CSRF".

If a web application has reversibility in editing, it is not necessary to add Ticket or Referer checking at the transaction stage for posting.

Wiki is a well-designed application from this point of view.

We should design applications with reversibility as far as possible.
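
An added example, not from the original post or from any wiki's own code: a minimal append-only revision store in PHP showing what reversibility in editing means in practice. The class and method names (`RevisionStore`, `save`, `revert`) and the sample data are hypothetical.

```php
<?php
declare(strict_types=1);

// Append-only page store: an edit never overwrites or deletes earlier text.
final class RevisionStore
{
    /** @var array<string, list<array{rev:int, body:string, author:string, note:string}>> */
    private array $pages = [];

    // Record a new revision and return its 1-based number.
    public function save(string $page, string $body, string $author, string $note = ''): int
    {
        $rev = count($this->pages[$page] ?? []) + 1;
        $this->pages[$page][] = ['rev' => $rev, 'body' => $body, 'author' => $author, 'note' => $note];
        return $rev;
    }

    // Latest text of a page, or null if the page has no revisions.
    public function current(string $page): ?string
    {
        $history = $this->pages[$page] ?? [];
        return $history === [] ? null : $history[count($history) - 1]['body'];
    }

    // A revert is itself a new revision, so the unwanted edit stays visible in the history.
    public function revert(string $page, int $toRev, string $author): int
    {
        $history = $this->pages[$page] ?? [];
        if ($toRev < 1 || $toRev > count($history)) {
            throw new OutOfRangeException("no revision $toRev for page $page");
        }
        return $this->save($page, $history[$toRev - 1]['body'], $author, "revert to r$toRev");
    }

    public function history(string $page): array
    {
        return $this->pages[$page] ?? [];
    }
}

// Constructed sample data: r2 stands for an edit the logged-in user never intended.
$wiki = new RevisionStore();
$wiki->save('FrontPage', 'Welcome to the wiki.', 'alice');
$wiki->save('FrontPage', 'unwanted text', 'alice', 'edit posted without the user intending it');
$wiki->revert('FrontPage', 1, 'bob');

echo $wiki->current('FrontPage'), PHP_EOL;
foreach ($wiki->history('FrontPage') as $r) {
    echo "r{$r['rev']} by {$r['author']} {$r['note']}", PHP_EOL;
}
```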




You can read more news at PEAK XOOPS.
http://xoops.peak.ne.jp

The URL for this story is:
http://xoops.peak.ne.jp/md/news/index.php?page=article&storyid=118