Slashdot Mirror

← Back to Users

User: ebeeson

ebeeson's activity in the archive.

Stories
0
Comments
2
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 2

  1. Re:Computer systems need security audits. on CSRF Flaws Found On Major Websites, Including a Bank · · Score: 1

    Repeat after me: "telling people 'GET shouldn't change anything' reinforces the dangerously incorrect notion that POST can't be forged".

    JavaScript makes it *trivial* to POST data to an arbitrary server. Seriously, the only way to properly deal with this is to include and verify some sort of token in all POST requests (along with not allowing GET requests to modify data)

  2. Re:David Cope... on Resurrecting Performers Via Computer Performance · · Score: 1

    Beat me to it. Here are some MP3s of Cope's work: http://arts.ucsc.edu/faculty/cope/mp3page.htm