<div dir="ltr">
The issue with jQuery is that it is simple to override from the net console:
javascript:document.cookie="csrf_token=ID";
// "name" is the cookie name being looked up (it was undefined in the original snippet)
var name = "csrftoken";
// strips "name=" and decodes the rest; this assumes the csrftoken cookie comes first in document.cookie
cookieValue = decodeURIComponent(document.cookie.substring(name.length + 1));
csrftoken = document.cookie;

</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, May 16, 2013 at 11:53 AM, Matt Tesauro <span dir="ltr"><<a href="mailto:matt.tesauro@owasp.org" target="_blank">matt.tesauro@owasp.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>While I'm up to my ears with Python at Rackspace & with OpenStack, I've not used Django for any of the code I've written recently - or actually ever.</div>
<div><br></div><div>
I've got an app which is basically using the Django CSRF protection as outlined here:</div><div><a href="https://docs.djangoproject.com/en/dev/ref/contrib/csrf/" target="_blank">https://docs.djangoproject.com/en/dev/ref/contrib/csrf/</a><br>

</div><div>for both "normal" web forms as well as AJAX calls.</div><div><br></div><div>I'm curious about anyone's experience with the Django CSRF protection, how well it works, and any "gotchas", weaknesses or other issues with Django's CSRF protection.</div>

<div><br></div><div>List or direct replies appreciated.</div><div><br></div><div>Thanks in advance.</div><br clear="all"><div>--<br>-- Matt Tesauro<br>OWASP WTE Project Lead<br><a href="http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project" target="_blank">http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project</a><br>

<a href="http://AppSecLive.org" target="_blank">http://AppSecLive.org</a> - Community and Download site<div>OWASP OpenStack Security Project Lead<div><a href="https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project" target="_blank">https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project</a></div>

</div></div>
</div>
<br>_______________________________________________<br>
OWASP-Leaders mailing list<br>
<a href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a><br>
<a href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
<br></blockquote></div><br></div>
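As an added example, not code from either message or from Django itself, here is the AJAX pattern the linked Django docs describe (read the csrftoken cookie, send it back in the X-CSRFToken header on non-safe methods), written so the cookie parsing and header logic can run outside a browser; the page's own script reading its own cookie is by design, and the protection rests on a cross-origin page being unable to read that cookie. It assumes a cookie header string is passed in place of document.cookie, and the SAMPLE_COOKIE value is constructed.

```javascript
// Parse a document.cookie-style string ("a=1; b=2") the way the Django docs'
// getCookie() does: match "name=" at the start of a trimmed entry, then decode.
function getCookie(cookieString, name) {
  if (!cookieString) return null;
  const cookies = cookieString.split(';');
  for (let i = 0; i < cookies.length; i++) {
    const cookie = cookies[i].trim();
    // Exact prefix match so "xcsrftoken=..." is not mistaken for "csrftoken="
    if (cookie.substring(0, name.length + 1) === name + '=') {
      return decodeURIComponent(cookie.substring(name.length + 1));
    }
  }
  return null;
}

// Methods Django's CsrfViewMiddleware does not check; no token is sent for them.
function csrfSafeMethod(method) {
  return /^(GET|HEAD|OPTIONS|TRACE)$/i.test(method);
}

// Headers to add to a request. Cross-domain requests get no token, so the
// token never leaks to another origin. Throws if the cookie is absent, which
// usually means CsrfViewMiddleware is not enabled or the page never set it.
function csrfHeaders(method, cookieString, crossDomain) {
  if (csrfSafeMethod(method) || crossDomain) return {};
  const token = getCookie(cookieString, 'csrftoken');
  if (token === null) {
    throw new Error('csrftoken cookie missing; is CsrfViewMiddleware enabled?');
  }
  return { 'X-CSRFToken': token };
}

// Browser wiring for jQuery (ajaxSetup/beforeSend), guarded so this file also
// loads under Node where window and jQuery do not exist.
if (typeof window !== 'undefined' && typeof jQuery !== 'undefined') {
  jQuery.ajaxSetup({
    beforeSend: function (xhr, settings) {
      const headers = csrfHeaders(settings.type, document.cookie, settings.crossDomain);
      for (const h in headers) xhr.setRequestHeader(h, headers[h]);
    }
  });
}

// Constructed sample, as a browser would expose it via document.cookie.
const SAMPLE_COOKIE = 'sessionid=abc123; xcsrftoken=decoy; csrftoken=tok%2F42';
```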