--- [EMAIL PROTECTED] wrote:
> And I'm sure all PHP developers check their applications for
> CSRF vulnerability, in various browsers (including I.E.).

I speak about CSRF in many of the talks I give, and I think you'd be
surprised by how many people haven't even heard of it.

> As a PHP/Java developer, I would be interested to know what
> I.E. is doing in their browsers to prevent CSRF attacks. I'm
> not trying to start a browser war here.

Well, to be fair, even if it is true that IE does not request a URL
referenced in an img tag unless the file extension matches a known image
type, this isn't a complete or even optimal solution to the problem. Also,
as Web developers, we can't assume that 100% of users are using this
specific browser anyway, and that's the only way that it could eliminate
the need to be mindful of CSRF attacks when we're writing our PHP code.

Chris

=====
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly
     Coming Fall 2004
HTTP Developer's Handbook - Sams
     http://httphandbook.org/
PHP Community Site
     http://phpcommunity.org/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
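
The reply's point that the defense has to live in the PHP code, not in one browser's img handling, shown as an added example that is not part of the original message. The function names are hypothetical, and the requests are constructed arrays standing in for $_SERVER['REQUEST_METHOD'], $_POST and $_SESSION so the script runs from the command line (PHP 7.1 or later).

```php
<?php
// Added example, not from the original message. Function names are hypothetical.

// Issue one random token per session; the form embeds it in a hidden field.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Accept a state-changing request only if it is a POST carrying the session's token.
function csrf_request_ok(string $method, array $post, array $session): bool
{
    if ($method !== 'POST') {
        return false; // a request made through <img src="..."> is always a GET
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    // hash_equals() compares in constant time; reject arrays and empty tokens first.
    return is_string($supplied) && $expected !== ''
        && hash_equals($expected, $supplied);
}

// Constructed requests (sample data, not captured traffic).
$session = [];
$token = csrf_token($session);

$cases = [
    'GET triggered by an img tag'     => ['GET',  []],
    'cross-site POST without a token' => ['POST', ['amount' => '100']],
    'cross-site POST, guessed token'  => ['POST', ['csrf_token' => str_repeat('0', 64)]],
    'POST from our own form'          => ['POST', ['csrf_token' => $token]],
];

foreach ($cases as $label => [$method, $post]) {
    $verdict = csrf_request_ok($method, $post, $session) ? 'accepted' : 'rejected';
    printf("%-34s %s\n", $label, $verdict);
}
```

Only the last case is accepted, and the outcome is the same whichever browser sent the request.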
