Can someone provide a better "forwardable" explanation of CSRF than the wikipedia version of "let me f-ing google that for you"?
I already unsuccessfully searched for an XKCD treatment.
Something I can forward to non-devs, not written at dev level. Also no videos (who has time for that?). It sounds like a graphic arts type project, like an xkcd topic, so I guess something like that is what I'm looking for.
The wiki explanation is pretty good, just curious if anyone has anything better for non-technical-ish people.
No. Check out the example in the article: an attacker can make your browser submit a form with a POST request using JavaScript.
It's slightly harder to exploit, as the attacker can't just send you a link to facebook.com, but they can send you a link to example.com which has the form and uses JavaScript to submit the form.
The way CSRF works is that I put a form on evil.com that submits to example.com. If there's no CSRF protection, example.com will accept that form submission as if it had actually come from a page on example.com. GET/POST has nothing to do with it.