PerlMonks
Re^3: Is your web application really secure? ("CSRF") by Joost (Canon)
on Mar 29, 2007 at 19:25 UTC ( [id://607336]=note )
Yes, but I was talking about malicious sites faking referers without the user's explicit permission. If a user wants to forge a referer header there's no way to stop it. Note that we're trying to protect the user, not the web app per se.