On the topic of defending against CSRF...
Date 2006-05-31 06:08:21 | Category: PHP
It is nonsense to check for a "Time-out" error or a "Ticket" error in wiki editing. These checks make users very impatient.
"Reversibility" is the most important thing to think about in "anti-CSRF".
If a web application's edits are reversible, it is not necessary to add Ticket or Referer checking at the transaction stage for posting.
A wiki is a well-designed application from this point of view.
We should design applications to be as reversible as possible.