Chris Shiflett: Security Corner: Cross-Site Request Forgeries: "Security Corner: Cross-Site Request Forgeries
by Chris Shiflett
Welcome to another edition of Security Corner. This month's topic is cross-site request forgeries, a style of attack that lets an attacker send arbitrary HTTP requests from a victim user. That's worth reading a couple of times, and it will likely not be until you've seen your first example attack that you can fully understand or appreciate the danger."