| CSRF Vulnerabilities and Code Igniter plugin |
[eluser]Pascal Kriete[/eluser]
@Bill, Thanks for posting. @xwero, It's not infected browsers that make these attacks possible. It's insecure sites. If any site you visit has a xss vulnerability (and there are a lot of them), then someone can use that hole to forge a request to any other site. In this case you're safe if javascript is turned off, yes. But there are other ways to forge requests. Flash, for example, can make cross site requests (limited by crossdomain.xml, but i've seen large sites that just set it to * ). YouTube example. Here the attacker isn't limited to GET. Protecting yourself is important, but as a developer you can't expect everyone who uses your site to have js turned off  .
|
| Welcome Guest, Not a member yet? Register Sign In |
MENU
EXTRA MENU
ABOUT US
CodeIgniter is a powerful PHP framework with a very small footprint, built for developers who need a simple and elegant toolkit to create full-featured web applications.
