Re: Is your web application really secure? ("CSRF")

by perrin (Chancellor)
on Mar 28, 2007 at 04:39 UTC (#606905=note)


in reply to Is your web application really secure? ("CSRF")

This was a good description of the problem, tinita. See also, http://shiflett.org/blog/2007/mar/my-amazon-anniversary.


Re^2: Is your web application really secure? ("CSRF")
by tinita (Parson) on Apr 01, 2007 at 00:22 UTC
    interesting. i tried it out, and it works. also interesting is, that many people don't seem to care and think it's nothing bad that somebody can put something in your shopping cart this way.
Re^2: Is your web application really secure? ("CSRF")
by tinita (Parson) on Apr 11, 2007 at 18:56 UTC
    i tried this out with a GET-form instead of post. even that works. so you can put anything into someone's amazon shopping cart even without javascript. =(
