
Shiflett.org:
Foiling Cross-Site Attacks
Mar 26, 2004 @ 15:31:51

Chris Shiflett submitted a link this morning to let the PHP community know about his article, Foiling Cross-Site Attacks, previously published only in an issue of php|architect.

Security is a nebulous topic. Web applications are often described as being secure or insecure, and this yields dangerous misconceptions and confusion. Just how secure is a secure Web application? The inference is that such Web applications are 100% secure and invulnerable to any type of attack. Therefore, we can safely consider every Web application to be insecure. Now that we have established that all Web applications are insecure, I will explain how to make your Web applications more secure by describing two contrasting types of attacks, Cross-Site Scripting (XSS) and Cross-Site Request Forgeries (CSRF).

He goes on to show what a cross-site attack looks like and how to prevent such attacks from showing up and causing chaos on your site. He gives tons of examples and rules to follow to ensure that your application is safe, secure, and locked down tight against any random user just messing around...
