Simon Willison’s Weblog

Friday, 6th May 2005

Fighting RFCs with RFCs

Google’s recently released Web Accelerator apparently has some scary side-effects. It’s been spotted pre-loading links in password-protected applications, which can amount to clicking on every “delete this” link — bypassing even the JavaScript prompt you carefully added to give people the chance to think twice.

[... 353 words]

URIs, Addressability, and the use of HTTP GET and POST. A comprehensive, if slightly dry, overview of the issue.

# 9:45 pm

Cross-site request forgery (CSRF). Somehow this vulnerability is news to me.

# 11:07 pm / csrf, security
