whpearson comments on Positive Bias Test (C++ program) - Less Wrong

26 Post author: MBlume 19 May 2009 09:32PM


Comment author: whpearson 20 May 2009 10:02:06PM * 3 points

You can still have XSRF attacks without JavaScript though... so they are not caused by JavaScript but facilitated. Harder but doable, and you might protect yourself from some in the wild by turning off JavaScript.

Reading up about this a bit more, it does appear that NoScript does help against XSRF, even those that don't use JavaScript, by changing POST requests from untrusted sites to empty GETs.

More details can be found on the NoScript developer's blog.

Edited: Made correction suggested by child post of JGWeissman.

Comment author: JGWeissman 20 May 2009 10:33:16PM 0 points

> Reading up about this a bit more it does appear that noscript does help against XSRF even those that don't use javascript, by changing post requests to untrusted sites to empty gets.

Neat. Though I think you meant "changing post requests from untrusted sites to trusted sites to empty gets", as would be expected to protect against Cross Site Forgery.
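
The rewriting rule the two comments converge on (a POST from an untrusted site to a trusted site becomes an empty GET), sketched as an added example that is not part of the thread and not NoScript's own code. The function names, the trust list, the sample hosts, and the choice to read "empty" as "no body and no query string" are all assumptions.

```javascript
// Simplified model of the rule described in the thread; every name here is hypothetical.
const TRUSTED_SITES = new Set(["bank.example"]); // sites the user has whitelisted

// Crude "site" key: the last two hostname labels. A real implementation would
// consult the Public Suffix List; this is enough for the constructed samples.
function siteOf(url) {
  return new URL(url).hostname.split(".").slice(-2).join(".");
}

// request: { method, url, body, initiator }, where initiator is the URL of the
// page that triggered the submission (null for a typed URL or a bookmark).
function sanitizeRequest(request) {
  const target = siteOf(request.url);
  const source = request.initiator ? siteOf(request.initiator) : null;
  const crossSite = source !== null && source !== target;
  const untrustedToTrusted =
    crossSite && TRUSTED_SITES.has(target) && !TRUSTED_SITES.has(source);
  if (!untrustedToTrusted || request.method.toUpperCase() !== "POST") {
    return { ...request, rewritten: false };
  }
  // Assumption: "empty GET" means the form data is dropped entirely, so the
  // trusted site receives a plain page load instead of a state-changing POST.
  const bare = new URL(request.url);
  bare.search = "";
  return { method: "GET", url: bare.toString(), body: null,
           initiator: request.initiator, rewritten: true };
}

// Constructed sample requests. The first needs no JavaScript on the hostile
// page: a plain HTML form submitted by the user clicking a button is enough.
function demo() {
  const post = (initiator, url) =>
    ({ method: "POST", url, body: "to=123&amount=1000", initiator });
  return {
    forged: sanitizeRequest(post("https://forum.example/thread", "https://www.bank.example/transfer?ref=1")),
    sameSite: sanitizeRequest(post("https://www.bank.example/form", "https://bank.example/transfer")),
    untrustedTarget: sanitizeRequest(post("https://forum.example/thread", "https://shop.example/cart")),
  };
}

console.log(demo());
```
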