Beefy Boxes and Bandwidth Generously Provided by pair Networks
The stupid question is the question not asked
 
PerlMonks  

Re^2: Is your web application really secure? ("CSRF")

by MidLifeXis (Monsignor)
on Mar 29, 2007 at 17:26 UTC ( #607313=note: print w/ replies, xml ) Need Help??


in reply to Re: Is your web application really secure? ("CSRF")
in thread Is your web application really secure? ("CSRF")

As far as I know you a malicious site can't fake a referer header* (unless maybe if you allow cross-site XMLHTTP - but all modern browsers prohibit that - right?)

Never trust the browser

--MidLifeXis


Comment on Re^2: Is your web application really secure? ("CSRF")
Replies are listed 'Best First'.
Re^3: Is your web application really secure? ("CSRF")
by Joost (Canon) on Mar 29, 2007 at 19:25 UTC

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://607313]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others pondering the Monastery: (8)
As of 2015-08-02 16:53 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The oldest computer book still on my shelves (or on my digital media) is ...













    Results (7 votes), past polls