Thanks Chris, Yup I think my posting is very on-topic. The application that I am working on is written in PHP.
And I m sure all PHP developers check their applications for CSRF vulnerability, in various browsers (including I.E. ). As a PHP/Java developer, I would be interested to know what I.E. is doing in their browsers to prevent CSRF attacks. I m not trying to start a browser war here. Regards, Saqib Ali http://validate.sf.net <<< DocBook XML -> XHTML / PDF Convertor Chris Shiflett <[EMAIL PROTECTED]> No Phone Info Available 08/16/2004 11:17 AM Please respond to [EMAIL PROTECTED] To Jay Blanchard <[EMAIL PROTECTED]>, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] cc Subject RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1? --- Jay Blanchard <[EMAIL PROTECTED]> wrote: > You would have to ask the Microsoft Development Group, who > probably does not subscribe to this list. Crossposting is bad. > Being OT during a crosspost is even worse. I can hear the > falmethrowers warming up in the wings. > > FYI -> This is (or use to be) a PHP list I won't defend cross-posting, but I think CSRF is very on-topic. Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming Fall 2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/