[Owasp-leaders] Protecting Django apps from CSRF

Matt Tesauro matt.tesauro at owasp.org
Thu May 16 15:53:03 UTC 2013


While I'm up to my ears with Python at Rackspace & with OpenStack, I've not
used Django for any of the code I've written recently - or actually ever.

I've got an app which is basically using the Django CSRF protection as
outlined here:
https://docs.djangoproject.com/en/dev/ref/contrib/csrf/
for both "normal" web forms as well as AJAX calls.

I'm curious about anyone's experience with the Django CSRF protection, how
well it works and any "gotchas", weaknesses or other issues with Django's
CSRF protection.

List or direct replies appreciated.

Thanks in advance.

--
-- Matt Tesauro
OWASP WTE Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download site
OWASP OpenStack Security Project Lead
https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project