Is MeFi protected against cross-site request forgery? October 22, 2006 3:12 AM Subscribe
Is MeFi protected against CSRF? I know the logout link isn't (should be a form button anyway) and could be triggered by displaying an image to a MeFi user, but if the forms are vulnerable things could get nasty (imagine someone posting a link that changes your prefs, or makes you create a post, etc.). Just askin'...