[Framework-Team] comments on plip224-csrf-protection

Raphael Ritz raphael.ritz at incf.org
Mon Feb 18 09:00:23 UTC 2008


Hello again,

I have nothing to add to Andi's excellent review.
I only want to reinforce that we should not only ship with the two new
packages but also start using them right away. At least for security-
and administration-related things like:

the personalize_form, password_form, ownership_form, the @@sharing view,
the control panel forms (which are quite a few) and maybe 'base_edit' or
'atct_edit' simply because it is used so much.

What I still don't see is whether anything KSS-related needs attention
here as well.

It wouldn't hurt either to make the plone.app.protect README available
from the prefs_install_products_form (maybe QI should grow the ability
to look up the README from eggs in general?) simply to make it easier for
people to figure out what's going on and, more importantly, how they are
supposed to use this in their own stuff.

Summary: +1 on inclusion of the packages but improvements along the lines
mentioned above very welcome.

Raphael




