Re: Revised Web UI for NPF as a GSoC project
On Tue, Mar 15, 2016 at 12:48:29AM +0300, Aleksej Saushev wrote:
> coypu%SDF.ORG@localhost writes:
> > Feedback needed:
> > Security:
> > It seems like there's a big need for security. I've learned of one
> > attack called cross-site request forgery. Seems like the way to tackle
> > it is an awkward dance with embedding tokens in forms.
> > I can already see that Sailor (other Lua framework)'s authentication
> > scheme doesn't handle this...
> > Are there other such concerns?
> I would try to avoid this. It is a tricky thing that requires investing
> a lot more time than you have. Not that you may write without any
> thought about security, yet don't put too much effort into it.
It shouldn't be difficult to implement CSRF to any framework (which has
reasonable API). I think you should get familiar with these projects before
If you encounter any problems with web security then ping me, I think I'd be
able to help since it's part of my $DAYJOB.