Forum OpenACS Q&A: Response to Securing form submissions

Collapse
Posted by Ben Adida on
Remember that the referer information is still sent by the client,
and thus cannot be trusted (unless you assume that a cracker
would *only* use a compliant browser to attack your system). If
someone is trying to crack your site, this approach will not fully
prevent them from doing so.