PerlMonks  

Re: Is your web application really secure? ("CSRF")

by perrin (Chancellor)
on Mar 28, 2007 at 04:39 UTC


in reply to Is your web application really secure? ("CSRF")

This was a good description of the problem, tinita. See also, http://shiflett.org/blog/2007/mar/my-amazon-anniversary.


Re^2: Is your web application really secure? ("CSRF")
by tinita (Parson) on Apr 01, 2007 at 00:22 UTC
    Interesting. I tried it out, and it works. Also interesting is that many people don't seem to care and think it's nothing bad that somebody can put something in your shopping cart this way.
Re^2: Is your web application really secure? ("CSRF")
by tinita (Parson) on Apr 11, 2007 at 18:56 UTC
    I tried this out with a GET form instead of POST. Even that works. So you can put anything into someone's Amazon shopping cart even without JavaScript. =(
