Form submission CSRF issues in Magento 1.9.2.2

Magento now includes CSRF (Cross-Site Request Forgery) protection on publicly available forms such as the new user registration form. The goal of this is to make it impossible for anyone to POST to an URL without first visiting the corresponding form page. A token is supplied on this page that is sent along with the rest of the form to the server. The server validates the correctness of the token and responds in a sensible way if the token is correct. If the token is not however, the server ignores the POST request.

Continue reading Form submission CSRF issues in Magento 1.9.2.2

RADIUS Authentication driver for Kohana 3.3

Lately I was in need for an authentication driver that supports RADIUS servers. Happily the Kohana Auth module supports easy development of custom authentication drivers by extending the Auth class holding abstract specifications of the required methods. I implemented these methods making use of the PHP Radius extension (which therefore is required). The driver is publicly available at GitHub.

I am planning on implementing a pure PHP Radius client to get rid of the requirement of the PHP Radius extension.