Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris
 
PerlMonks  

Re^2: Is your web application really secure? ("CSRF")

by MidLifeXis (Monsignor)
on Mar 29, 2007 at 17:26 UTC ( #607313=note: print w/ replies, xml ) Need Help??


in reply to Re: Is your web application really secure? ("CSRF")
in thread Is your web application really secure? ("CSRF")

As far as I know you a malicious site can't fake a referer header* (unless maybe if you allow cross-site XMLHTTP - but all modern browsers prohibit that - right?)

Never trust the browser

--MidLifeXis


Comment on Re^2: Is your web application really secure? ("CSRF")
Replies are listed 'Best First'.
Re^3: Is your web application really secure? ("CSRF")
by Joost (Canon) on Mar 29, 2007 at 19:25 UTC

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://607313]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others studying the Monastery: (16)
As of 2015-07-29 17:40 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (266 votes), past polls