TLS break

Chimpy McSimian IV, Esq. mr.monkey at gmail.com
Tue Nov 10 19:43:55 EST 2009


On Mon, Nov 9, 2009 at 5:08 PM, Victor Duchovni
<Victor.Duchovni at morganstanley.com> wrote:

> attack, checking "Referrer" headers is no longer effective, so anti-CSRF
> defenses have to be more sophisticated (they *should* of course be more

Checking the Referer header never was effective. It's not even
guaranteed to be present, let alone true.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list