Ruby on Rails

Yes, but it that case I would expect to see a GET request where they get the token before they actually POST the form?  If I look in the logs all I see are these bots posting over and over again with different tokens, but apparently all legit.

On Friday, July 27, 2012 5:01:07 PM UTC-4, Jason FB wrote:

The authenticity token just ensures that the "agent" (person or bot) who submits the form first has to request the form. (right?)

If it's a public form, a bot is just as capable of requesting the form, saving the authenticity token, and submitting it back with the authenticity token.

The only real way to guard against bots is Captcha

On Jul 27, 2012, at 4:24 PM, Tom Rossi wrote:

How are bots able to create authenticity tokens that are valid?  I thought for sure authenticity tokens would make my forms bullet proof for bots.

Thanks,

Tom

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/Y70xtlw-zlsJ.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/qUMyyAdtNfIJ.
For more options, visit https://groups.google.com/groups/opt_out.