W liście Haron Media z dnia wtorek 09 lutego 2010: > In an ideal world, yeah. But it is the very nature of stateless HTTP > that is the reason attacks such CSRF exist.
Isn't it more problem with poor browser security policy that allows submitting cross-domain forms, submitting forms with javascript (wihtout user confirmation) etc. rather than statelessnes of HTTP itself? -- Paweł Stradomski -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
