XSRF or CSRF or sea-surf is web security vulnerability that takes advantage of website's trust in user. In this attack, the user is forced into performing unwanted activities on the website where s/he is logged in. For instance, consider a personalized website (like bank) where you as a user are logged in. During login, browser … Continue reading Tornado – XSRF
Tag: Login
Tornado – Authentication
As we have seen, Tornado helps you deal with Cookies and Secure cookies so what's the next logical thing? Yes, user login. Let's look at the Tornado's capability for providing user authentication. Tornado provides get_current_user() method to determine if the user is already logged in. Developers need to override this method to get the current … Continue reading Tornado – Authentication