[geeklog-devel] [geeklog-cvs] geeklog: Experimental: Give the user an idea how long they have ...
Dirk Haun
dirk at haun-online.de
Thu Oct 29 13:35:41 EDT 2009
>url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/
37fcd14cdee2
>description:
>Experimental: Give the user an idea how long they have until the
>security token expires
So Tony and myself were discussing CSRF and the dreaded usage problems
they cause when trying to make things secure. This was one idea we had.
I'd consider this an intermediate step until we get around to
overhauling the editors. But it will at least prevent some nasty
surprises (I would hope).
What does everybody think? Also, how's that message?
>+ 91 => 'You have until %s to make changes. After that time, the
>security token embedded into this page will expire and you will lose
>your changes. You can always hit "Preview" to extend the expiry time.'
This would need some adjustment for forms without a preview option, of
course. I was thinking of adding such a message to all the editors for 1.6.1.
bye, Dirk
--
http://www.haun-online.de/
http://geeklog.info/
More information about the geeklog-devel
mailing list