On Thu, Feb 28, 2008 at 3:48 PM, Wade Preston Shearer <[EMAIL PROTECTED]> wrote:
> > It doesn't need to be XMLHttpRequest(). You can just use javascript to > submit a form which posts to a script which uses curl to post to the > shopping cart script. <http://irc.freenode.net> You defeat the purpose of CSRF by going outside the domain to use the script. CSRF attacks go after already applied authentication by using it against the user (using their security auth to do something malicious ). -- - http://stderr.ws/ "Insert pseudo-insightful quote here." - Some Guy _______________________________________________ UPHPU mailing list [email protected] http://uphpu.org/mailman/listinfo/uphpu IRC: #uphpu on irc.freenode.net
