tapestry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Markus Jung <markus.jun...@gmail.com>
Subject Cross-site request forgery protection module
Date Wed, 10 Aug 2011 14:11:50 GMT

the CSRF protection module is now stable enough to relase version 1.0. It is
available at the project home page
http://code.google.com/p/gsoc2011-csrf-protection/ and contains all binary
artifacts, a user guide and the API documentation. It is compatible to
Tapestry 5.3.0, only the AjaxFormLoop component protection requires minor
changes to Tapestry. These changes are provided as patch (updated patch
available in JIRA). There are two demo applications (.war) that demonstrate
the functionality. Uli is going to deploy them to tapestry.zones.apache.org.

For the GSoC final evaluation I will submit the current version. However, I
would like to move the complete module into the Tapestry project. Therefore
I will create a patch including the protection module. Before I do this
integration it would be great to get some feedback on the current solution.
Finally the question is also if I should integrate the CSRF protection into
the tapestry-core project or to have a separate submodule. I would prefer to
have a separate submodule since the logic is currently clearly separated and
I don't want to bloat the core package.


View this message in context: http://tapestry.1045711.n5.nabble.com/Cross-site-request-forgery-protection-module-tp4685937p4685937.html
Sent from the Tapestry - Dev mailing list archive at Nabble.com.

To unsubscribe, e-mail: dev-unsubscribe@tapestry.apache.org
For additional commands, e-mail: dev-help@tapestry.apache.org

View raw message