Cross-Site Request Forgeries
Foiling Cross-Site Attacks
2024-11-25
CSRF Defense.
• Use POST rather than GET in forms.
• Use $_POST rather than rely on register_globals (or $_REQUEST).
• Do not focus on convenience.
• Force the use of your own forms.
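
One common way to force the use of your own forms is a per-session token embedded in the form and checked on every POST. This is an added example, not code from the original slides; the token approach itself, the field names csrf_token and amount, and the placeholder action are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: the 'csrf_token' and 'amount' field names are hypothetical.
session_start();

// One unpredictable token per session, embedded only in our own form.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

// True only for a POST that carries the token issued with our form.
function is_from_our_form(string $method, array $post, array $session): bool
{
    if ($method !== 'POST') {
        return false; // a GET never changes state
    }
    $sent = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    if (!is_string($sent) || !is_string($expected) || $expected === '') {
        return false; // missing token, or an array smuggled in as the field
    }
    return hash_equals($expected, $sent); // constant-time comparison
}

$method = $_SERVER['REQUEST_METHOD'] ?? '';
if ($method !== 'GET') {
    if (!is_from_our_form($method, $_POST, $_SESSION)) {
        http_response_code(403);
        exit('Request rejected.');
    }
    // Read input from $_POST only, never from $_REQUEST or globals.
    $amount = filter_var($_POST['amount'] ?? null, FILTER_VALIDATE_INT);
    if ($amount === false || $amount <= 0) {
        http_response_code(400);
        exit('Invalid amount.');
    }
    // ... perform the state-changing action with $amount here ...
    exit('Accepted amount: ' . $amount);
}
$token = htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES, 'UTF-8');
?>
<form method="post" action="">
  <input type="hidden" name="csrf_token" value="<?= $token ?>">
  <input type="number" name="amount" min="1">
  <button type="submit">Submit</button>
</form>
```

A request forged from another site can submit the POST fields but cannot read the session's token, so it fails the hash_equals check and receives a 403.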