On Sat, Jun 18, 2016, at 12:02, Steven D'Aprano wrote:
> Er, you may have missed that I'm talking about a single user setup.
> Are you suggesting that I can't trust myself not to forge a request
> that goes to a hostile site?
>
> It's all well and good to say that the application is vulnerable to
> X-site attacks, but how does that relate to a system where I'm the
> only user?

I don't think you understand what cross-site request forgery is, unless your definition of "single user setup" includes not connecting to the internet at all. The point is that one site causes the client to send a request (not desired by the user) to another site. That the client is a single-user system makes no difference.

-- 
https://mail.python.org/mailman/listinfo/python-list
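
The point of the reply above, as an added example that is not part of the original message: a constructed model of an application with exactly one user, showing that the session cookie alone cannot tell the server which page caused a request, while a per-session anti-forgery token can. `SingleUserApp`, `browser_request`, the route and the addresses are hypothetical, and the cookie is assumed to be sent on cross-site requests (no SameSite restriction).

```python
import hmac
import secrets


class SingleUserApp:
    """Constructed model of a web app with a single account (hypothetical)."""

    def __init__(self, check_csrf):
        self.check_csrf = check_csrf
        self.session_id = secrets.token_urlsafe(32)  # value of the session cookie
        self.csrf_token = secrets.token_urlsafe(32)  # embedded only in the app's own pages
        self.email = "owner@example.org"

    def handle_post(self, cookies, form):
        """Process POST /settings/email and return an HTTP-style status code."""
        # Authentication: the browser attaches this cookie to every request
        # for the app's host, whichever page caused the request.
        if not hmac.compare_digest(cookies.get("session", ""), self.session_id):
            return 401
        # Anti-forgery check: only a page served by the app knows the token.
        if self.check_csrf:
            supplied = form.get("csrf_token", "")
            if not hmac.compare_digest(supplied, self.csrf_token):
                return 403
        self.email = form["email"]
        return 200


def browser_request(app, form, from_app_page):
    """Model the one user's browser submitting a form to the app.

    The cookie is sent in both cases; only a form rendered by the app
    itself carries the token.
    """
    cookies = {"session": app.session_id}
    form = dict(form)
    if from_app_page:
        form["csrf_token"] = app.csrf_token
    return app.handle_post(cookies, form)


def demo():
    """Return {check_csrf: (own_status, cross_site_status, stored_email)}."""
    results = {}
    for check in (False, True):
        app = SingleUserApp(check_csrf=check)
        own = browser_request(app, {"email": "me@example.org"}, from_app_page=True)
        forged = browser_request(app, {"email": "x@other.example"}, from_app_page=False)
        results[check] = (own, forged, app.email)
    return results
```

Both requests in each run come from the same user's browser with the same valid cookie; the number of accounts on the server never enters the decision.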