
I'm, uh, pretty familiar with the routine. I stand by what I said: you do not need any particular CSRF defense in place; you need to not have CSRF vulnerabilities. There's no OWASP checkbox-alike that requires you to have CSRF tokens, and plenty of real line-of-business apps at gigantic companies don't.


To be fair, though, you’re a lot more knowledgeable and experienced than some security “experts” I’ve had to deal with ;-)



