PerlMonks  

Re: Is your web application really secure? ("CSRF")

by perrin (Chancellor)
on Mar 28, 2007 at 04:39 UTC ( [id://606905]=note )


in reply to Is your web application really secure? ("CSRF")

This was a good description of the problem, tinita. See also, http://shiflett.org/blog/2007/mar/my-amazon-anniversary.

Replies are listed 'Best First'.
Re^2: Is your web application really secure? ("CSRF")
by tinita (Parson) on Apr 01, 2007 at 00:22 UTC
    interesting. i tried it out, and it works. also interesting is that many people don't seem to care and think it's nothing bad that somebody can put something in your shopping cart this way.
Re^2: Is your web application really secure? ("CSRF")
by tinita (Parson) on Apr 11, 2007 at 18:56 UTC
    i tried this out with a GET-form instead of post. even that works. so you can put anything into someone's amazon shopping cart even without javascript. =(
