On Thu, Jun 01, 2006 at 08:57:31PM +0200, [EMAIL PROTECTED] wrote:
> >Woah (re Ubernode.org). One button click, you can add its ref to you.
> >
> >Here's a simple countermeasure: Check the Referer, and if it's set
> >(outside 127.0.0.1:<port>), verify whatever transaction it is with
> >another POST form.
> 
> can be faked by server

How? As far as I can see that's equivalent to faking the URL in the
location bar, which is regarded as a critical security bug in a browser?
-- 
Matthew J Toseland - [EMAIL PROTECTED]
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.

_______________________________________________
Devl mailing list
[email protected]
http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
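
The check proposed in the quoted message, as an added example (not part of the thread and not Freenet's code). The port 8888, the function names and the sample Referer values are assumptions made for illustration; the Referer is compared by its parsed host and port, since a substring match would accept look-alike URLs.

```python
from urllib.parse import urlsplit

# Assumption: the local web interface listens on 127.0.0.1:8888
# (the message leaves the port as "<port>").
LOCAL_HOST = "127.0.0.1"
LOCAL_PORT = 8888

ALLOW = "allow"      # carry out the transaction directly
CONFIRM = "confirm"  # show a second POST form before acting


def referer_is_local(referer):
    """True only if the Referer's parsed host and port are the local interface."""
    try:
        parts = urlsplit(referer.strip())
        host, port = parts.hostname, parts.port
    except ValueError:
        # Malformed authority, e.g. a non-numeric port: treat as not local.
        return False
    return host == LOCAL_HOST and port == LOCAL_PORT


def decide(referer):
    """Apply the rule from the message to one request.

    referer is the Referer header value, or None when the header is absent.
    """
    if referer is None or referer.strip() == "":
        # Not set: the proposal only covers the case where it is set.
        return ALLOW
    return ALLOW if referer_is_local(referer) else CONFIRM


# Constructed sample values, not taken from real traffic.
SAMPLES = [
    None,
    "http://127.0.0.1:8888/addref",
    "http://other.example/page.html",
    "http://127.0.0.1:8888.other.example/",
    "http://127.0.0.1:8888@other.example/",
    "http://other.example/?u=127.0.0.1:8888",
    "http://127.0.0.1:9999/",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(repr(value), "->", decide(value))
```

Only the first two samples are allowed without the extra form; the rest are sent to confirmation.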
