security:csrf
Differences
This shows you the differences between two versions of the page.
|
security:csrf [2011/12/23 13:36] ccagle8 created |
security:csrf [2013/04/19 15:04] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== CSRF Protection ====== | ||
| - | GetSimple 3.0+ has a built-in security system to prevent [[http://en.wikipedia.org/wiki/Cross-site_request_forgery|CSRF]]. This will prevent attempts to create malicious cross-site attacks aimed at exploiting and/or compromising your GetSimple installation. | ||
| - | |||
| - | While, not recommended unless you are having problems: you can turn off CSRF protection (3.1+ only) via a [[config:gsconfig|gsconfig.php setting]]. | ||
| - | |||
| - | ===== Reasons for False CSRF Problems ===== | ||
| - | |||
| - | In rare circumstances, your GetSimple installation will give you false CSRF notices, and will not allow you to perform any actions such as saving/creating pages, deleting file, etc. This is a maintained list of reasons why this may happen: | ||
| - | * File permissions are set to 0755 instead of 0644 | ||
security/csrf.txt ยท Last modified: 2013/04/19 15:04 (external edit)
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
