On Mon, Nov 9, 2009 at 5:08 PM, Victor Duchovni
<victor.ducho...@morganstanley.com> wrote:

> attack, checking "Referrer" headers is no longer effective, so anti-CSRF
> defenses have to be more sophisticated (they *should* of course be more

Checking the Referer header never was effective. It's not even
guaranteed to be present, let alone true.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to