Date: Thu, 4 Sep 2014 22:01:35 +0000
From: "Mark Davies"
Subject: CVS commit: pkgsrc/www/p5-WWW-CSRF
To: pkgsrc-changes@NetBSD.org
Reply-To: markd@netbsd.org
Message-Id: <20140904220135.D3E2596@cvs.netbsd.org>

Module Name:    pkgsrc
Committed By:   markd
Date:           Thu Sep 4 22:01:35 UTC 2014

Added Files:
        pkgsrc/www/p5-WWW-CSRF: DESCR Makefile distinfo

Log Message:
Import p5-WWW-CSRF 1.00

This module generates tokens to help protect against a website attack
known as Cross-Site Request Forgery (CSRF, also known as XSRF).
CSRF is an attack where an attacker fools a browser into making a
request to a web server for which that browser will automatically
include some form of credentials (cookies, cached HTTP Basic
authentication, etc.), thus abusing the web server's trust in the user
for malicious use.

The most common CSRF mitigation is sending a special, hard-to-guess
token with every request, and then requiring that any request that is
not idempotent (i.e., has side effects) must be accompanied with such a
token. This mitigation depends critically on the fact that while an
attacker can easily make the victim's browser make a request, the
browser security model (same-origin policy, or SOP for short) prevents
third-party sites from reading the results of that request.


To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 pkgsrc/www/p5-WWW-CSRF/DESCR \
    pkgsrc/www/p5-WWW-CSRF/Makefile pkgsrc/www/p5-WWW-CSRF/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
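
The mitigation described in the log message, as an added Python example
that is not part of this commit and is not WWW::CSRF's own code or token
format: a hard-to-guess token bound to the user's session with an HMAC,
and demanded only on requests with side effects. The function names, the
"nonce,issued,signature" layout and the one-hour lifetime are assumptions
made for illustration.

```python
import hashlib
import hmac
import secrets
import time

MAX_AGE = 3600  # assumed policy: tokens are valid for one hour
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # no side effects, no token needed


def _sign(secret: bytes, session_id: str, issued: int, nonce: str) -> str:
    # Binding the session id into the MAC stops a token issued to one
    # user from being accepted for another user's session.
    msg = f"{session_id}|{issued}|{nonce}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def generate_token(secret: bytes, session_id: str, now=None) -> str:
    issued = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)  # fresh randomness per token
    return f"{nonce},{issued},{_sign(secret, session_id, issued, nonce)}"


def check_token(secret, session_id, token, now=None, max_age=MAX_AGE) -> str:
    parts = token.split(",") if isinstance(token, str) else []
    if len(parts) != 3 or not (parts[1].isascii() and parts[1].isdigit()):
        return "malformed"
    nonce, issued_s, sig = parts
    expected = _sign(secret, session_id, int(issued_s), nonce)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return "invalid"
    now = int(time.time() if now is None else now)
    if now - int(issued_s) > max_age:
        return "expired"
    return "ok"


def handle_request(secret, session_id, method, form, now=None) -> int:
    # Server-side gate: a request with side effects is rejected unless it
    # carries a valid token, which a third-party page cannot read under SOP.
    if method in SAFE_METHODS:
        return 200
    status = check_token(secret, session_id, form.get("csrf_token", ""), now=now)
    return 200 if status == "ok" else 403
```

The secret must be a server-side key that is never sent to the browser;
only the token is embedded in forms.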