Commit 874c6331 by Alexander Makarov

A plan on security guide CSRF section

parent d05a373b
......@@ -120,7 +120,12 @@ Note that HtmlPurifier processing is quite heavy so consider adding caching.
Avoiding CSRF
-------------
TBD
TBD: what's CSRF, how it works, intro
1. Follow HTTP specification i.e. GET should not change application state.
2. Keep Yii CSRF protection enabled.
TBD: how CSRF protection works
Avoiding file exposure
......
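Review bot: Item 1 of the new list ("Follow HTTP specification i.e. GET should not change application state") states the rule without the reason, and item 2 ("Keep Yii CSRF protection enabled") does not name the setting it asks readers to keep enabled. Suggest linking the two: say in item 1 why a state-changing GET matters for CSRF, and name the configuration option in item 2. Otherwise the list cannot be acted on until the "TBD: how CSRF protection works" placeholder is filled in. Minor style point on item 1: set off "i.e." with a comma, as in "Follow HTTP specification, i.e. GET should not change application state."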