09-10-2007, 08:08 PM
|
#4 (permalink)
|
|
Wizard
Join Date: Sep 2007
Posts: 1,299
Thanks: 17
|
Quote:
Originally Posted by Karl
You could, but it wouldn't really offer you much more protection against CSRF. Malicious users can also forge a POST request just as easily as a GET, I just thought the GET method made the example easier to grasp.
|
You cant forge POST requests from a remote server, the only way to put post data in is the form. |
|
|
|