- Exploits the trust a site has for a particular user
- Generally involves Web sites that rely completely on the identification of the user for security
- Involves "tricking" a user into unknowingly sending an HTTP request of the attacker's choosing
- Represents the best reason to disable register_globals
- No easy solution - depends on application design
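
The following PHP sketch is an added example, not code from the original slides. It shows why the list ties this problem to register_globals: once every request source is merged into one set of variables, a handler cannot tell a submitted form from any other request carrying the same field names. The handler names and the `item`/`qty` fields are hypothetical, and the strict version only narrows where input is accepted from; as the last point says, it is not a complete fix.

```php
<?php
// Added illustration; handler names and the 'item'/'qty' fields are hypothetical.

// Emulates what register_globals did: every request source is merged into one
// set of variables (later sources win, as with the default GET, POST, cookie
// order), so the script cannot tell where a value came from.
function merged_input(array $get, array $post, array $cookie): array
{
    return array_merge($get, $post, $cookie);
}

// Before: acts on merged input, so values from any source are accepted.
function handle_buy_merged(array $get, array $post, array $cookie): array
{
    $in = merged_input($get, $post, $cookie);
    if (isset($in['item'], $in['qty'])) {
        return ['status' => 200, 'bought' => [$in['item'], (int) $in['qty']]];
    }
    return ['status' => 400, 'bought' => null];
}

// After: state changes only on POST, and fields are read from the body only.
function handle_buy_strict(string $method, array $post): array
{
    if ($method !== 'POST') {
        return ['status' => 405, 'bought' => null];
    }
    $item = $post['item'] ?? null;
    $qty  = $post['qty'] ?? null;
    if (!is_string($item) || !is_string($qty) || !ctype_digit($qty)) {
        return ['status' => 400, 'bought' => null];
    }
    return ['status' => 200, 'bought' => [$item, (int) $qty]];
}

// Constructed sample requests: the same field names arriving by GET and by POST.
$get = ['item' => 'pen', 'qty' => '1'];
var_dump(handle_buy_merged($get, [], [])['status']);
var_dump(handle_buy_strict('GET', [])['status']);
var_dump(handle_buy_strict('POST', ['item' => 'pen', 'qty' => '1'])['status']);
```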