Beefy Boxes and Bandwidth Generously Provided by pair Networks
XP is just a number
 
PerlMonks  

Re^2: Is your web application really secure? ("CSRF")

by tinita (Parson)
on Apr 01, 2007 at 00:19 UTC ( #607659=note: print w/ replies, xml ) Need Help??


in reply to Re: Is your web application really secure? ("CSRF")
in thread Is your web application really secure? ("CSRF")

i would add a random string to it, because if you know that it's the crypted user id you can still attack a user. of course then a corrupted website would only work for one user at a time, so it's much safer than without tokens.


Comment on Re^2: Is your web application really secure? ("CSRF")

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://607659]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chilling in the Monastery: (8)
As of 2015-07-29 19:04 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (267 votes), past polls