wicket-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sven Meier <s...@meiers.net>
Subject Re: Implementing a SecureForm to avoid CSRF attacks
Date Wed, 11 Jun 2014 12:38:02 GMT
Hi,

a single token from the start of a form until its submit should do fine.

I'm just wondering why you see the need to update the token, although 
the form isn't re-rendered and thus the token is unchanged.

Sven

On 06/11/2014 02:19 PM, shayy wrote:
> Hmm, not sure about that. Do you mean that onEvent() will both re-generate
> the token on the SecureForm class as well as replace the value on the HTML?
> Security wise, is there a reason to do that?
>
>
> --
> View this message in context: http://apache-wicket.1842946.n4.nabble.com/Implementing-a-SecureForm-to-avoid-CSRF-attacks-tp4666175p4666201.html
> Sent from the Users forum mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org


Mime
View raw message