Search found 2 matches
- Mon Oct 20, 2008 11:10 am
- Forum: [locked] Quality Assurance
- Topic: Possible security issue: Cross-site request forgery
- Replies: 6
- Views: 24443
Re: Possible security issue: Cross-site request forgery
Thanks for the info. I should've read the documentation more thoroughly. I guess that effectively solves the issue.
- Mon Oct 20, 2008 10:03 am
- Forum: [locked] Quality Assurance
- Topic: Possible security issue: Cross-site request forgery
- Replies: 6
- Views: 24443
Possible security issue: Cross-site request forgery
One of our clients found this in their internal testing. The problem is that many site-altering functionalities, like posting news items, in the admin interface are operated through regular HTTP GETs, rather than e.g. POSTs authenticated in some way. For example, if an attacker finds out that exampl...
