There's no real protection against login, CRUD ops, etc. First step is using CSRF tokens on the forms.