There is general agreement that a Graphical User Interface (GUI) is a superior way to interact with a program, however a GUI is not always the best way. We need to learn to use “appropriate technology” that is, the right technology at the right situation. Read the rest of this entry »
Monthly Archives: June 2012
Securing against Cross-site Request Forgery
There is a type of attack (CSRF) that every form post is susceptible to. User 1 is logged into a site A and has a valid session. User 2 then sends an email message with a form post to site A, or a link to a rogue web page with a form post to site A. Since the session is maintained in cookies, this new form post will be accepted by the server as a valid part of the current session. In this way, User 2 can make User 1 make changes in the Site A that User 1 was not expecting. Read the rest of this entry »
