Beefy Boxes and Bandwidth Generously Provided by pair Networks
XP is just a number
 
PerlMonks  

Re^2: Is your web application really secure? ("CSRF")

by betterworld (Curate)
on Mar 27, 2007 at 19:31 UTC ( #606853=note: print w/replies, xml ) Need Help??


in reply to Re: Is your web application really secure? ("CSRF")
in thread Is your web application really secure? ("CSRF")

I've thought for a while now that browsers probably shouldn't allow POST requests for another domain (especially scripted ones). Unfortunately that would break lots and lots of web applications
A good start would be to warn the user that the form is sent to an external site, and not to send cookies.
  • Comment on Re^2: Is your web application really secure? ("CSRF")

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://606853]
help
Chatterbox?
[karlgoethebier]: Cojones! We need cojones!
[karlgoethebier]: Ouch! Permissions! We need permissions!
[BarApp]: I can not use modules. I gain temporary access and still can not use modules.
[Cosmic37]: ta erix - this szabo geezer is pretty cool methinks and he writes about undef but I cannot see instructions for redefining the record separator after having undefined it
[Corion]: $/ = "wahtever";
[Corion]: (it's a magic variable)
[karlgoethebier]: BarApp: whoami
[Cosmic37]: ok fankyou - I was wondering about that but thought there might be a redefine command or something; peachy

How do I use this? | Other CB clients
Other Users?
Others meditating upon the Monastery: (9)
As of 2017-06-29 16:45 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    How many monitors do you use while coding?















    Results (672 votes). Check out past polls.