CSRF protection should be implemented even if your entire site is protected by S... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		mike-cardwell on Nov 8, 2010 \| parent \| context \| favorite \| on: This is why sites choose to stay vulnerable to Fir... CSRF protection should be implemented even if your entire site is protected by SSL. Also, I didn't say "just as dangerous", I said "just dangerous"

al_james on Nov 8, 2010 [–]

Sorry for misquoting you.

However, with proper CSRF protection your man in the middle argument is not the case is it?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact