Hello cata-listers,

I was reading an article about CSRF last night:

http://www.25hoursaday.com/weblog/2007/06/05/WhatRubyOnRailsCanLearnFromASPNET.aspx

and realized that Catalyst is just as "vulnerable" as Rails. So, I wrote Catalyst::Plugin::FormCanary to solve the problem. If you care about CSRF, get it from CPAN, load it into your app, and stop worrying :)

It's sort of unpolished right now (see the TODO section), but it does work (even with FormBuilder), and it fails in a secure state instead of an insecure state. It has good test coverage, so if you feel like fixing something in the TODO list, write a test, fix it, and send me a patch.

Enjoy!

Regards,
Jonathan Rockway

--
package JAPH;use Catalyst qw/-Debug/;($;=JAPH)->config(name => do { $,.=reverse qw[Jonathan tsu rehton lre rekca Rockway][$_].[split //, ";$;"]->[$_].q; ;for 1..4;$,=~s;^.;;;$,});$;->setup;
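
The form-canary idea named in the post, as an added example that is not part of the original message and not the plugin's own code: each form carries a hidden per-session token, and any state-changing request without a matching token is rejected, so errors fail closed. The function names, the `_canary` field, the HMAC-of-session-id token and treating only GET/HEAD as safe are all assumptions made for this sketch.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);
# Hypothetical names throughout; this is not Catalyst::Plugin::FormCanary's API.
my $FIELD = '_canary';
# Token bound to the session: a page on another site cannot read or guess it.
sub canary_for {
    my ($secret, $session_id) = @_;
    return hmac_sha256_hex($session_id, $secret);
}

# Add a hidden canary field to every <form> in outgoing HTML (token is hex, so no escaping).
sub add_canary {
    my ($html, $token) = @_;
    $html =~ s{(<form\b[^>]*>)}{$1<input type="hidden" name="$FIELD" value="$token">}gi;
    return $html;
}

# Compare without stopping at the first differing character.
sub same_string {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Fail closed: non-GET/HEAD requests are rejected unless the canary matches the session.
sub request_allowed {
    my ($secret, $session_id, $method, $params) = @_;
    return 1 if $method =~ /\A(?:GET|HEAD)\z/;
    my $sent = $params->{$FIELD};
    return 0 unless defined $session_id && length $session_id;
    return 0 unless defined $sent && !ref $sent;
    return same_string($sent, canary_for($secret, $session_id));
}
# Constructed sample data: secret, session ids and form are made up for the demo.
my $secret = 'constructed-demo-secret';
my $token  = canary_for($secret, 'session-1234');
print add_canary(qq{<form method="post" action="/transfer"><input name="amount"></form>}, $token), "\n";
for my $case (
    [ 'valid canary',   'session-1234', 'POST', { $FIELD => $token } ],
    [ 'missing canary', 'session-1234', 'POST', {} ],
    [ 'other session',  'session-9999', 'POST', { $FIELD => $token } ],
    [ 'no session',     undef,          'POST', { $FIELD => $token } ],
) {
    my ($name, @args) = @$case;
    printf "%-15s %s\n", $name, request_allowed($secret, @args) ? 'allowed' : 'rejected';
}
```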
