Perhaps the question could be asked another way and be more on topic. Is there a fix in I.E. 6.01 that would interfere with PHP being able to generate different mime types on the fly, like .png or .jpg????
Thanks, Warren Vail -----Original Message----- From: Jay Blanchard [mailto:[EMAIL PROTECTED] Sent: Monday, August 16, 2004 10:57 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1? [snip] I am working on securing an application that uses CDSSO (Cross Domain Single Sign On). I am trying to reproduce the CSRF (Cross Site Request Forgery) attack (using <img/> TAG) in I.E. 6.01, but am unable to do so. However the attack works on Mozilla and other older browsers. My question: Is I.E. 6.01 SP1 doing something to foil the CSRF attack, i.e. only allow image extensions .gif .png .jpeg????? [/snip] You would have to ask the Microsoft Development Group, who probably does not subscribe to this list. Crossposting is bad. Being OT during a crosspost is even worse. I can hear the falmethrowers warming up in the wings. FYI -> This is (or use to be) a PHP list -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php