Re^2: Is your web application really secure? ("CSRF")


Syntactic Confectionery Delight
	PerlMonks

Re^2: Is your web application really secure? ("CSRF")

by MidLifeXis (Prior)

on Mar 29, 2007 at 17:26 UTC ( #607313=note: print w/ replies, xml )

Need Help??

in reply to Re: Is your web application really secure? ("CSRF")
in thread Is your web application really secure? ("CSRF")

As far as I know you a malicious site can't fake a referer header* (unless maybe if you allow cross-site XMLHTTP - but all modern browsers prohibit that - right?)

Never trust the browser

--MidLifeXis

Comment on Re^2: Is your web application really secure? ("CSRF")
Re^3: Is your web application really secure? ("CSRF") by Joost (Canon) on Mar 29, 2007 at 19:25 UTC
Yes, but I was talking about malicious sites faking referers without the user's explicit permission. If a user wants to forge a referer header there's no way to stop it. Note that we're trying to protect the user, not the web app per se. "What should it profit a man, if he should win a flame war, yet lose his cool?"	[reply]

In Section Meditations

Node Status^?

node history
Node Type: note [id://607313]
help

Chatterbox^?

How do I use this? | Other CB clients

Other Users^?

Others wandering the Monastery: (14)

As of 2013-05-22 08:51 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Voting Booth^?

The best material for plates (tableware) is:

Results (455 votes), past polls