|
Jim Dabell
jim-mod-python at jimdabell.com
Tue Sep 7 21:35:48 EDT 2004
On Friday 03 September 2004 21:26, mike bayer wrote: > > On Friday 03 September 2004 20:35, David Fraser wrote: > > > > If you don't use the query string parameters when you are expecting POST > > variables, then your users are not susceptible to this form of attack. > > sadly, not true: Well yes, of course Javascript can do it, but only if you don't follow CERT's advice by disabling client-side scripting for untrusted websites. I was making an unstated assumption there - it's still a security measure, but upon re-reading my post, I agree it's not as important as I made it sound. -- Jim Dabell
|