

Avoiding cross site request forgery in your web apps - mmaunder
http://markmaunder.com/2007/avoiding-cross-site-request-forgery-in-your-web-apps/
GMail recently fixed a CSRF vulnerability but not before someone lost their domain name to an attacker. A very brief summary of how to avoid the same mistake in your web apps.
======
maurycy
Far better read:

[http://activereload.net/2007/3/6/your-requests-are-safe-with...](http://activereload.net/2007/3/6/your-requests-are-safe-with-us)

(and plugin attached!)

~~~
mmaunder
Not bad - assuming you're a Rails dev.

