Forget it... it wouldn't help much.
http://en.wikipedia.org/wiki/Csrf:
Using POST instead of GET does not offer protection, as JavaScript can
be used to forge POST requests with ease.
On Mar 4, 2008, at 9:29 AM, Alex Jacoby wrote:
Just a thought from a security newbie... does/can wicket require
POST for form submissions? Would that prevent the issue of
embedding the evil param values in the src of an image?
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]