in reply to Re: Is your web application really secure? ("CSRF")
in thread Is your web application really secure? ("CSRF")
As far as I know, a malicious site can't fake a referer header* (unless maybe if you allow cross-site XMLHTTP - but all modern browsers prohibit that - right?)
--MidLifeXis
Replies are listed 'Best First'.
Re^3: Is your web application really secure? ("CSRF")
by Joost (Canon) on Mar 29, 2007 at 19:25 UTC
In Section
Meditations