http://www.perlmonks.org?node_id=606905


in reply to Is your web application really secure? ("CSRF")

This was a good description of the problem, tinita. See also, http://shiflett.org/blog/2007/mar/my-amazon-anniversary.

Re^2: Is your web application really secure? ("CSRF")
by tinita (Parson) on Apr 01, 2007 at 00:22 UTC
    interesting. i tried it out, and it works. also interesting is that many people don't seem to care and think it's nothing bad that somebody can put something in your shopping cart this way.
Re^2: Is your web application really secure? ("CSRF")
by tinita (Parson) on Apr 11, 2007 at 18:56 UTC
    i tried this out with a GET-form instead of post. even that works. so you can put anything into someone's amazon shopping cart even without javascript. =(
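
Both replies above report that the cart request is accepted from another site, as a POST form and as a GET form alike. The following is an added example, not code from the thread or from any site it mentions, of a server-side handler that refuses both; the function names, parameter names and session ids are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-deployment secret that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Token the server embeds in its own cart form, bound to one session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_add_to_cart(method: str, session_id: str, params: dict, cart: list) -> int:
    """Return an HTTP status; the cart changes only for a tokenized POST."""
    # A GET form or image tag on another site arrives with the user's session
    # cookie attached, so the cookie alone says nothing about who built the request.
    if method != "POST":
        return 405  # state changes are never accepted over GET
    # A cross-site POST form carries the cookie too, but the other site cannot
    # read the token out of our form, so it cannot supply a matching one.
    supplied = params.get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403
    item = params.get("item")
    if not item:
        return 400
    cart.append(item)
    return 200
```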