Comments for News of this site (Moderator: Administrator)
Target | News |
Subject | under the topic of against CSRF ... (2) |
Summary | XOOPS has a simple system for preventing CSRF in the DB layer. POST && Good Referer --> allow all SQL; !POST || Bad Referer --> allow only SQL starting with "SELECT". This is troublesome. If someone posts a news item with referer off, he will get the message "Your post... |
hits 1 items | Replies | Views | Votes | Average | First post | Latest post | |
---|---|---|---|---|---|---|---|
Re: under the topic of against CSRF ... (2) | 1 | 11188 | 2 | 5.00 | 2006/6/1 8:38 skalpa | 2006/6/2 6:48 GIJOE |