ha.ckers sla.cking
Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixation, hijacking, lockout, replay, session riding, etc.
Accept header question
Posted by: dwhite
Date: March 12, 2009 02:19PM

Is checking for the Accept header that XMLHttpRequest sends on a JSON request (application/json, text/javascript, */*) a secure way of protecting against CSRF? It is possible to forge the Accept header with Flash; however, that can be restricted in a cross-domain policy file.
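The server-side gate the question describes, written out as an added example (not code from the original post), next to a second gate that keys on a custom request header instead; the header names, values and sample requests are assumptions constructed for the example. Accept is one of the CORS-safelisted request headers, so it is the kind of header a browser will attach to a cross-origin request without a preflight, whereas a custom header such as X-Requested-With is not.

```python
# Added example: two ways a JSON endpoint might gate state-changing requests.
# Both operate on a plain dict of request headers (constructed sample input).
CSRF_SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def accept_header_check(headers):
    """The check from the question: pass only if the Accept header advertises a
    JSON or JavaScript response, as an XMLHttpRequest JSON call typically does
    (e.g. 'application/json, text/javascript, */*'). A plain HTML form post
    sends 'text/html,...' and is rejected."""
    accept = headers.get("Accept", "")
    # Strip quality parameters ('text/javascript;q=0.9') and normalise case.
    media_types = [part.split(";")[0].strip().lower() for part in accept.split(",")]
    return any(t in ("application/json", "text/javascript") for t in media_types)


def custom_header_check(headers):
    """Alternative gate: require a header that is not CORS-safelisted, so a
    cross-origin browser request cannot carry it without a preflight that the
    server must explicitly approve. Header name/value are assumptions here."""
    return headers.get("X-Requested-With", "") == "XMLHttpRequest"


def is_request_allowed(method, headers, check=accept_header_check):
    """Apply the chosen gate to every non-idempotent request."""
    if method.upper() in CSRF_SAFE_METHODS:
        return True
    return check(headers)


# Constructed sample requests, labelled by what produced them.
XHR_JSON_REQUEST = {"Accept": "application/json, text/javascript, */*"}
HTML_FORM_POST = {"Accept": "text/html,application/xhtml+xml,*/*;q=0.8"}
XHR_WITH_CUSTOM_HEADER = {"Accept": "application/json",
                          "X-Requested-With": "XMLHttpRequest"}

if __name__ == "__main__":
    for name, hdrs in [("xhr json", XHR_JSON_REQUEST),
                       ("html form", HTML_FORM_POST),
                       ("xhr + custom header", XHR_WITH_CUSTOM_HEADER)]:
        print(name,
              "accept-gate:", is_request_allowed("POST", hdrs),
              "custom-header-gate:", is_request_allowed("POST", hdrs, custom_header_check))
```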

