Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?
 
PerlMonks  

Re^2: Is your web application really secure? ("CSRF")

by tinita (Parson)
on Apr 01, 2007 at 00:19 UTC ( #607659=note: print w/replies, xml ) Need Help??


in reply to Re: Is your web application really secure? ("CSRF")
in thread Is your web application really secure? ("CSRF")

i would add a random string to it, because if you know that it's the crypted user id you can still attack a user. of course then a corrupted website would only work for one user at a time, so it's much safer than without tokens.
  • Comment on Re^2: Is your web application really secure? ("CSRF")