- Added CSRF token generation, as described in the narrative chapter entitled

"Preventing Cross-Site Request Forgery Attacks".
author: Chris McDonough <chrism@plope.com> 2010-12-22 18:27:07 -0500
committer: Chris McDonough <chrism@plope.com> 2010-12-22 18:27:07 -0500
commit: 319793d9b3d127ba2a9245713ef4f01b32918e95 (patch)
tree: 651a3ec0365c68d947938265bd5a9223a8d24d86 /TODO.txt
parent: 5801195412d2c809182304d09cc2860c61c6cc93 (diff)
download: pyramid-319793d9b3d127ba2a9245713ef4f01b32918e95.tar.gz
pyramid-319793d9b3d127ba2a9245713ef4f01b32918e95.tar.bz2
pyramid-319793d9b3d127ba2a9245713ef4f01b32918e95.zip
1 files changed, 0 insertions, 4 deletions
diff --git a/TODO.txt b/TODO.txt
index 0e8a935da..3a32322f8 100644
--- a/TODO.txt
+++ b/TODO.txt
@@ -18,10 +18,6 @@ Should-Have
 
 - translationdir ZCML directive use of ``path_spec`` should maybe die.
 
-- Add CRSF token creation/checking machinery (only "should have" vs. "must
-  have" because I'm not sure it belongs in Pyramid.. it definitely must exist
-  in formgen libraries, and *might* belong in Pyramid).
-
 - Change "Cleaning up After a Request" in the urldispatch chapter to
   use ``request.add_response_callback``.
author	Chris McDonough <chrism@plope.com>	2010-12-22 18:27:07 -0500
committer	Chris McDonough <chrism@plope.com>	2010-12-22 18:27:07 -0500
commit	319793d9b3d127ba2a9245713ef4f01b32918e95 (patch)
tree	651a3ec0365c68d947938265bd5a9223a8d24d86 /TODO.txt
parent	5801195412d2c809182304d09cc2860c61c6cc93 (diff)
download	pyramid-319793d9b3d127ba2a9245713ef4f01b32918e95.tar.gz pyramid-319793d9b3d127ba2a9245713ef4f01b32918e95.tar.bz2 pyramid-319793d9b3d127ba2a9245713ef4f01b32918e95.zip