--- Sean Burlington <[EMAIL PROTECTED]> wrote:
> is there really any site which will accept a book
> order based on a single GET?

Well, yes, but that is not the point really. The example of the <img> tag is just one way you can forge an HTTP request from another user (the victim).

Also consider that many people create sites with PHP with register_globals set to on. Even when these people go to great lengths to validate all incoming data and to identify the user, this does not defend against CSRF. The data being sent is valid data, and the user sending it is the authenticated user. That is the danger.

Chris

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
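
The point of the reply above, as an added example that is not part of the original thread: a handler that identifies the user and validates the data still accepts a forged request, while one that also requires POST and a per-session token (a common defence the post does not name) rejects it. The function names, the `isbn` and `csrf_token` fields and both sample requests are constructed for illustration.

```php
<?php
// Added example, not code from the thread. All names and sample data are constructed.

// "Before": input is read without regard to method, as with register_globals on.
function handle_order_naive(string $method, array $get, array $post, array $session): bool
{
    $in = array_merge($get, $post);       // GET and POST are indistinguishable
    if (empty($session['user'])) {
        return false;                     // user identification: passes for the victim
    }
    // Data validation: a forged request carries perfectly valid data.
    return isset($in['isbn']) && is_string($in['isbn'])
        && preg_match('/\A\d{13}\z/', $in['isbn']) === 1;
}

// "After": state changes only via POST, plus a token bound to the session.
function handle_order_checked(string $method, array $get, array $post, array $session): bool
{
    if ($method !== 'POST' || empty($session['user'])) {
        return false;
    }
    $sent  = $post['csrf_token'] ?? '';
    $known = $session['csrf_token'] ?? '';
    if (!is_string($sent) || $known === '' || !hash_equals($known, $sent)) {
        return false;                     // a third-party page cannot read the token
    }
    return isset($post['isbn']) && is_string($post['isbn'])
        && preg_match('/\A\d{13}\z/', $post['isbn']) === 1;
}

// Constructed session of the logged-in user.
$session = ['user' => 'victim', 'csrf_token' => bin2hex(random_bytes(16))];

// Constructed requests: one triggered by a third-party page (such as an <img> src),
// one submitted from the site's own form, which embeds the session token.
$forged  = ['GET',  ['isbn' => '9780000000002'], []];
$genuine = ['POST', [], ['isbn' => '9780000000002', 'csrf_token' => $session['csrf_token']]];

foreach (['forged' => $forged, 'genuine' => $genuine] as $name => [$m, $g, $p]) {
    printf("%-8s naive=%s checked=%s\n", $name,
        var_export(handle_order_naive($m, $g, $p, $session), true),
        var_export(handle_order_checked($m, $g, $p, $session), true));
}
```

Both requests arrive with the same session and the same valid `isbn`; only the token, which the site's own form carries and another origin cannot obtain, tells them apart.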