  #7  
28 Dec 2009, 20:35
cellarius
Join Date: Aug 2005
Real name: Sven
Visibility of the security token is not a problem security-wise. It is visible in the source code anyway. The sessionhash is passed along via URL by vB if cookies are disabled, that's the way it is. And no, disabling CSRF protection is not a good idea, it's there for a reason.
__________________
Please note that there will be no further updates to my addons, especially they will not be upgraded for vB5. I'm leaving vB, since IB chose to go the banana-way yet again.

http://www.roma-antiqua.de