From: "Thiago H. de Paula Figueiredo"
To: "Tapestry development"
Subject: Re: CSRF safeguard as GSoC task?
Date: Mon, 14 Mar 2011 12:34:29 -0300

On Mon, 14 Mar 2011 12:01:30 -0300, Ulrich Stärk wrote:

> I was just reviewing a Rails application when I stumbled upon Rails'
> authenticity_token which guards against CSRF. Why don't we have
> something like that? ;)
>
> There are several approaches to this so a student's task would be to
> evaluate them, discuss them with the community and implement the one
> chosen.

+1. By the way, unfortunately, I can't be a monitor this year. :(

-- 
Thiago H. de Paula Figueiredo
Independent Java, Apache Tapestry 5 and Hibernate consultant, developer, and instructor
Owner, Ars Machina Tecnologia da Informação Ltda.
http://www.arsmachina.com.br