Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid
 
PerlMonks  

Re^2: Is your web application really secure? ("CSRF")

by tinita (Parson)
on Apr 01, 2007 at 00:19 UTC ( #607659=note: print w/replies, xml ) Need Help??


in reply to Re: Is your web application really secure? ("CSRF")
in thread Is your web application really secure? ("CSRF")

i would add a random string to it, because if you know that it's the crypted user id you can still attack a user. of course then a corrupted website would only work for one user at a time, so it's much safer than without tokens.
  • Comment on Re^2: Is your web application really secure? ("CSRF")

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://607659]
help
Chatterbox?
[zentara]: Strange, on clicking a link in a node, I am taken to that node, but my votes and login are lost. Should I post a Permonks Discussion?
[choroba]: that just means someone used a wrong link format
[choroba]: msg them or consider to fix
[zentara]: Gratias
[LanX]: pm != tk ;)
[Corion]: zentara: Most likely they used something like [http://www. perlmonks.org/? node=123456] instead of [id://123456], which uses whatever domain you're visiting from

How do I use this? | Other CB clients
Other Users?
Others exploiting the Monastery: (6)
As of 2017-05-26 12:34 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?