On Mon, Nov 9, 2009 at 5:08 PM, Victor Duchovni <victor.ducho...@morganstanley.com> wrote:
> attack, checking "Referrer" headers is no longer effective, so anti-CSRF > defenses have to be more sophisticated (they *should* of course be more Checking the Referer header never was effective. It's not even guaranteed to be present, let alone true. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com