in reply to Re: Is your web application really secure? ("CSRF")
in thread Is your web application really secure? ("CSRF")
As far as I know you a malicious site can't fake a referer header* (unless maybe if you allow cross-site XMLHTTP - but all modern browsers prohibit that - right?)
--MidLifeXis
In Section
Meditations