Your skill will accomplish what the force of many cannot |
|
PerlMonks |
Re^2: Is your web application really secure? ("CSRF")by tinita (Parson) |
on Apr 01, 2007 at 00:19 UTC ( [id://607659]=note: print w/replies, xml ) | Need Help?? |
i would add a random string to it, because if you know that it's the crypted user id you can still attack a user. of course then a corrupted website would only
work for one user at a time, so it's much safer than without tokens.
In Section
Meditations
|
|