středa 21. července 2010

ZK 3.6 CSRF Protection

Unfortunately, ZK Web Framework version 3.6 and earlier lack any CSRF protection. i have created a very basic event filter to tackle this issue. Hope, someone else may find it useful, see http://sites.google.com/site/xmedeko/code/zk-web-framework/zk-3-6-csrf-protection. It is just a very first version, leave me a comment, if you have some suggestion.

Update 15th Sep 2010: Improved protection and logging.

Žádné komentáře: