Unfortunately, ZK Web Framework version 3.6 and earlier lack any CSRF protection. i have created a very basic event filter to tackle this issue. Hope, someone else may find it useful, see http://sites.google.com/site/xmedeko/code/zk-web-framework/zk-3-6-csrf-protection. It is just a very first version, leave me a comment, if you have some suggestion.
Update 15th Sep 2010: Improved protection and logging.
středa 21. července 2010
Přihlásit se k odběru:
Komentáře k příspěvku (Atom)
Žádné komentáře:
Okomentovat