Date: Tue, 19 Jun 2007 12:34:00 +0000 (UTC) From: Lars Balker Rasmussen <lbr@FreeBSD.org> To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/www Makefile ports/www/p5-Catalyst-Plugin-FormCanary Makefile distinfo pkg-descr pkg-plist Message-ID: <200706191234.l5JCY0ms036560@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
lbr 2007-06-19 12:34:00 UTC
FreeBSD ports repository
Modified files:
www Makefile
Added files:
www/p5-Catalyst-Plugin-FormCanary Makefile distinfo pkg-descr
pkg-plist
Log:
FormCanary will examine your outgoing HTML and add a canary value to
each form. When the form is submitted, the value of the canary is com-
pared against one saved in the session at page generation time. If the
canary that's sent doesn't match the one in the session (or there is no
canary at all), the request is halted.
There is no way to get params into your application without a correct
canary. This is good for preventing "cross-site request attacks".
This module is compatible with FormBuilder. Just drop it into your use
line and have secure submit-once-only forms. Yay.
Inspired by:
http://www.25hoursaday.com/weblog/2007/06/05/WhatRubyOnRailsCanLearnFromASPNET.a
spx
Revision Changes Path
1.1850 +1 -0 ports/www/Makefile
1.1 +32 -0 ports/www/p5-Catalyst-Plugin-FormCanary/Makefile (new)
1.1 +3 -0 ports/www/p5-Catalyst-Plugin-FormCanary/distinfo (new)
1.1 +16 -0 ports/www/p5-Catalyst-Plugin-FormCanary/pkg-descr (new)
1.1 +7 -0 ports/www/p5-Catalyst-Plugin-FormCanary/pkg-plist (new)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200706191234.l5JCY0ms036560>