This shows you the differences between two versions of the page.
security:csrf [2011/12/23 13:36] ccagle8 created |
security:csrf [2013/04/19 15:04] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== CSRF Protection ====== | ||
- | GetSimple 3.0+ has a built-in security system to prevent [[http://en.wikipedia.org/wiki/Cross-site_request_forgery|CSRF]]. This will prevent attempts to create malicious cross-site attacks aimed at exploiting and/or compromising your GetSimple installation. | ||
- | |||
- | While, not recommended unless you are having problems: you can turn off CSRF protection (3.1+ only) via a [[config:gsconfig|gsconfig.php setting]]. | ||
- | |||
- | ===== Reasons for False CSRF Problems ===== | ||
- | |||
- | In rare circumstances, your GetSimple installation will give you false CSRF notices, and will not allow you to perform any actions such as saving/creating pages, deleting file, etc. This is a maintained list of reasons why this may happen: | ||
- | * File permissions are set to 0755 instead of 0644 |