| … | |
… | |
| 720 | |
720 | |
| 721 | And last but least, something else could bomb you that I forgot to think |
721 | And last but least, something else could bomb you that I forgot to think |
| 722 | of. In that case, you get to keep the pieces. I am always open for hints, |
722 | of. In that case, you get to keep the pieces. I am always open for hints, |
| 723 | though... |
723 | though... |
| 724 | |
724 | |
|
|
725 | If you are using JSON::XS to return packets to consumption |
|
|
726 | by javascript scripts in a browser you should have a look at |
|
|
727 | L<http://jpsykes.com/47/practical-csrf-and-json-security> to see wether |
|
|
728 | you are vulnerable to some common attack vectors (which really are browser |
|
|
729 | design bugs, but it is still you who will have to deal with it, as major |
|
|
730 | browser developers care only for features, not about doing security |
|
|
731 | right). |
|
|
732 | |
| 725 | |
733 | |
| 726 | =head1 BUGS |
734 | =head1 BUGS |
| 727 | |
735 | |
| 728 | While the goal of this module is to be correct, that unfortunately does |
736 | While the goal of this module is to be correct, that unfortunately does |
| 729 | not mean its bug-free, only that I think its design is bug-free. It is |
737 | not mean its bug-free, only that I think its design is bug-free. It is |
