> That's part of it, but it's not a complete solution.
>
> That particular attack vector is called CSRF, cross-site request
> forgeries. RSnake's XSS cheatsheet demonstrates using XSS on your own
> site to launch the attack, but it can also be launched from any other
> web site where your users visit.
>
Really good article, Chris: http://shiflett.org/articles/security-corner-dec2004

I really like the solution of using tokens.

Clint
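
The token approach mentioned in this thread, as an added example that is not code from the linked article or from either poster: the server stores a random token in the session, embeds it in its own form, and rejects any state-changing request that does not echo it back. The function names, the `csrf_token` field name, and the `/transfer` form are assumptions made for illustration.

```python
import hmac
import secrets


def new_session():
    """Create a session record with a random, unguessable per-session token."""
    return {"id": secrets.token_hex(16), "csrf_token": secrets.token_hex(32)}


def render_transfer_form(session):
    """Embed the session's token as a hidden field in the site's own form.

    A page on another origin can make the browser submit a request with the
    user's cookies, but it cannot read this field from our page.
    """
    return (
        '<form method="POST" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{session["csrf_token"]}">'
        '<input name="amount"><input type="submit"></form>'
    )


def is_request_allowed(session, method, form_fields):
    """Accept a state-changing request only if it carries the session's token."""
    if method != "POST":
        return False  # state changes are not accepted over GET
    submitted = form_fields.get("csrf_token", "")
    if not isinstance(submitted, str):
        return False
    # Compare as bytes so non-ASCII input cannot raise, and in constant time
    # so the comparison does not leak how much of the token matched.
    return hmac.compare_digest(
        submitted.encode("utf-8"), session["csrf_token"].encode("utf-8")
    )


if __name__ == "__main__":
    # Constructed sample requests for the demonstration.
    session = new_session()
    own_form = {"csrf_token": session["csrf_token"], "amount": "10"}
    cross_site = {"amount": "10"}  # cookies are attached, the token is not
    print("own form accepted:", is_request_allowed(session, "POST", own_form))
    print("cross-site accepted:", is_request_allowed(session, "POST", cross_site))
```

As the quoted reply notes for XSS, a script running on the site itself can read the hidden field, so the token only covers requests launched from other sites.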