-i am a web developer and i want to avoid my web site from being attacked from for example CSRF, i have read about this thread , but cannot understand how it will be a risk.
now if an authenticated user is using my web site and he had access an unsafe web site, then how will this unsafe web site know the full technical details of my web page to submit data instead of the user, are these data explicitly in the user cookies or what will be the problem?
BR
没有评论:
发表评论