Zend_Form_Element_Hash and CSRF

I’m a little behind on this one, but earlier this month, Tom Graham posted an article on preventing CSRF properly by sending back a 403 Forbidden if the Zend_Form_Element_Hash validation fails.

Well worth a read.

Posted by Rob on 14th March 2009 under Around the web
