
Sorry curebit. You are on the HN homepage so I CSRF hunt: http://evanlong.github.com/security/web/csrf/curebit.html

You pass in authenticity tokens but don't even bother to check them on the backend.
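
The failure described in the comment above (a token sent with the form but never checked by the server), shown beside the corrected handler. This is an added example, not part of the original comment and not Curebit's code; the session hash, handler names and request parameters are constructed for illustration.

```ruby
require "securerandom"

# Constructed stand-in for a server-side session (hypothetical, not a real framework API).
def new_session
  { csrf_token: SecureRandom.hex(32) }
end

# Constant-time comparison: avoids leaking how many leading bytes matched.
# Rejects nil and non-string values, so a missing token fails closed.
def secure_equal?(a, b)
  return false unless a.is_a?(String) && b.is_a?(String)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# "Before": the form carries authenticity_token, but the handler never reads it,
# so any request that rides the user's session cookie is accepted.
def update_email_unchecked(session, params)
  session[:email] = params["email"]
  200
end

# "After": a state-changing request is rejected unless the submitted token
# matches the token stored in this user's session.
def update_email_checked(session, params)
  unless secure_equal?(session[:csrf_token], params["authenticity_token"])
    return 403
  end
  session[:email] = params["email"]
  200
end

# Constructed sample requests against one session.
def demo
  session = new_session
  own_form   = { "email" => "me@example.test", "authenticity_token" => session[:csrf_token] }
  no_token   = { "email" => "other@example.test" }
  bad_token  = { "email" => "other@example.test", "authenticity_token" => "0" * 64 }
  {
    unchecked_no_token: update_email_unchecked(session.dup, no_token),
    checked_no_token:   update_email_checked(session, no_token),
    checked_bad_token:  update_email_checked(session, bad_token),
    checked_own_form:   update_email_checked(session, own_form),
    final_email:        session[:email]
  }
end
```
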



