TLS break
Chimpy McSimian IV, Esq.
mr.monkey at gmail.com
Tue Nov 10 19:43:55 EST 2009
On Mon, Nov 9, 2009 at 5:08 PM, Victor Duchovni
<Victor.Duchovni at morganstanley.com> wrote:
> attack, checking "Referrer" headers is no longer effective, so anti-CSRF
> defenses have to be more sophisticated (they *should* of course be more
Checking the Referer header never was effective. It's not even
guaranteed to be present, let alone true.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list