tech-userlevel archive


Re: Revised Web UI for NPF as a GSoC project



On Tue, Mar 15, 2016 at 12:48:29AM +0300, Aleksej Saushev wrote:
> coypu%SDF.ORG@localhost writes:

> > Feedback needed:
> >
> > Security:
> > It seems like there's a big need for security. I've learned of one
> > attack called cross-site request forgery. Seems like the way to tackle
> > it is an awkward dance with embedding tokens in forms.
> > I can already see that Sailor's (another Lua framework) authentication
> > scheme doesn't handle this...
> >
> > Are there other such concerns?
> 
> I would try to avoid this. It is a tricky thing that requires investing
> a lot more time than you have. Not that you may write without any
> thought about security, yet don't put too much effort into it.

It shouldn't be difficult to implement CSRF protection in any framework
(which has a reasonable API). I think you should get familiar with these
projects before you start:
 
 * https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
 * https://www.owasp.org/index.php/OWASP_Top_Ten_Cheat_Sheet

If you encounter any problems with web security then ping me; I think I'd be
able to help, since it's part of my $DAYJOB.

 Best Regards,
 Mateusz Kocielski
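The "awkward dance with embedding tokens in forms" that coypu describes is the synchronizer token pattern from the OWASP cheat sheets linked above. The following is an added example of that pattern, not code from the NPF web UI, from Sailor, or from anyone in this thread. It is written in Python (with only the standard library) rather than the project's Lua so that it runs as-is; the session identifier, the /npf/rules form action, the field name csrf_token and the one-hour token lifetime are assumptions chosen for illustration.

```python
import hashlib
import hmac
import html
import secrets

# Assumption: one server-wide key, generated at startup. A real deployment
# would load it from configuration so tokens survive a restart.
SERVER_KEY = secrets.token_bytes(32)
TOKEN_TTL = 3600  # assumed token lifetime in seconds


def _sign(session_id, nonce, issued):
    """HMAC over (session, nonce, issue time) so a token is bound to one session."""
    msg = f"{session_id}|{nonce}|{issued}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id, now):
    """Return a stateless token: nonce.issued_at.mac (no server-side storage)."""
    now = int(now)
    nonce = secrets.token_hex(16)
    return f"{nonce}.{now}.{_sign(session_id, nonce, now)}"


def verify_token(session_id, token, now):
    """True only for an untampered, unexpired token issued to this session."""
    if not token:
        return False  # cross-site form: attacker cannot read or guess the token
    parts = token.split(".")
    if len(parts) != 3 or not parts[1].isdigit():
        return False
    nonce, issued, mac = parts[0], int(parts[1]), parts[2]
    now = int(now)
    if issued > now or now - issued > TOKEN_TTL:
        return False
    # Constant-time comparison: a timing side channel must not leak the MAC.
    return hmac.compare_digest(_sign(session_id, nonce, issued), mac)


def render_form(session_id, now):
    """Embed the token as a hidden field; html.escape keeps it inert in markup."""
    token = issue_token(session_id, now)
    return (
        '<form method="post" action="/npf/rules">\n'
        f'  <input type="hidden" name="csrf_token" value="{html.escape(token)}">\n'
        '  <input type="text" name="rule">\n'
        '  <input type="submit" value="Add rule">\n'
        "</form>"
    )


def handle_post(session_id, form_fields, now):
    """Every state-changing request checks the token before doing any work."""
    if not verify_token(session_id, form_fields.get("csrf_token"), now):
        return 403, "CSRF check failed"
    return 200, f"rule added: {form_fields.get('rule')}"


if __name__ == "__main__":
    sid = "session-for-demo"  # constructed session id
    page = render_form(sid, now=1_000_000)
    tok = page.split('value="')[1].split('"')[0]
    # Legitimate submit from the rendered page succeeds ...
    print(handle_post(sid, {"rule": "block all", "csrf_token": tok}, now=1_000_010))
    # ... a forged cross-site form, which carries no token, is rejected.
    print(handle_post(sid, {"rule": "block all"}, now=1_000_010))
```

Binding the MAC to the session id means a token the attacker obtains in their own session is useless against the victim's session, and the HMAC construction means nothing has to be stored per token on the server, which suits a small single-process UI. The check must run on every request that changes firewall state, not only on the form that rendered the token, and the token must never be sent in a URL or leak into logs.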

