Re^2: Is your web application really secure? ("CSRF")


We don't bite newbies here... much
	PerlMonks

Re^2: Is your web application really secure? ("CSRF")

by MidLifeXis (Monsignor)

on Mar 29, 2007 at 17:26 UTC ( [id://607313]=note: print w/replies, xml )

Need Help??

in reply to Re: Is your web application really secure? ("CSRF")
in thread Is your web application really secure? ("CSRF")

As far as I know you a malicious site can't fake a referer header* (unless maybe if you allow cross-site XMLHTTP - but all modern browsers prohibit that - right?)

Never trust the browser

--MidLifeXis

Comment on Re^2: Is your web application really secure? ("CSRF")

Replies are listed 'Best First'.
Re^3: Is your web application really secure? ("CSRF") by Joost (Canon) on Mar 29, 2007 at 19:25 UTC
Yes, but I was talking about malicious sites faking referers without the user's explicit permission. If a user wants to forge a referer header there's no way to stop it. Note that we're trying to protect the user, not the web app per se. "What should it profit a man, if he should win a flame war, yet lose his cool?"	[reply]

In Section Meditations

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://607313]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others romping around the Monastery: (4)

As of 2024-04-16 06:43 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found