* Peter Karman <[EMAIL PROTECTED]> [2008-01-23 03:50]:
> In my apps, I do server-side auth checks to verify that users
> can't act on data they should not have access to.

Peter, meet XSRF. XSRF, meet Peter. :-)

My point with `<img src="/foo/delete">` was that an attacker tries to get an authenticated and authorised user to visit a page which contains that tag. Or maybe an authenticated and authorised user has software like the Google Web Accelerator installed.

Regards,
--
Aristotle Pagaltzis // <http://plasmasturm.org/>
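Added illustration, not part of the original message and not Catalyst code: a framework-neutral Perl gate for the `/foo/delete` action, showing that a valid session does not distinguish the `<img>` or prefetcher request from a deliberate one, while a method check plus a session-bound token does. The request hash, `csrf_token`, `may_delete` and the secret are hypothetical names and constructed values for this example.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Constructed server secret (assumption); a real application loads it from configuration.
my $SECRET = 'constructed-example-secret';

# Token bound to the session id, embedded in the site's own form that POSTs to /foo/delete.
sub csrf_token {
    my ($session_id) = @_;
    return hmac_sha256_hex($session_id, $SECRET);
}

# String comparison whose running time does not depend on where the strings differ.
sub same_string {
    my ($x, $y) = @_;
    return 0 unless defined $x && defined $y && length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Decide whether a request may reach the state-changing delete action.
# $req is a hypothetical hash: method, session_id (from the cookie), token (form field).
sub may_delete {
    my ($req) = @_;
    return (0, 'no session')             unless defined $req->{session_id};
    return (0, 'unsafe action over GET') unless $req->{method} eq 'POST';
    return (0, 'missing or bad token')
        unless same_string($req->{token}, csrf_token($req->{session_id}));
    return (1, 'ok');
}

# Constructed requests: the session cookie is valid in all three, so an
# authorisation check on the user alone would pass every one of them.
my $sid = 'sess-1234';
my @requests = (
    ['image tag or prefetcher', { method => 'GET',  session_id => $sid }],
    ['POST without token',      { method => 'POST', session_id => $sid }],
    ['the site\'s own form',    { method => 'POST', session_id => $sid, token => csrf_token($sid) }],
);
for my $case (@requests) {
    my ($label, $req) = @$case;
    my ($ok, $why) = may_delete($req);
    printf "%-24s %s (%s)\n", $label, ($ok ? 'allowed' : 'refused'), $why;
}
```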