Cross Site Request Forgery - Computerphile

If you don't secure your web forms, one mistaken click could be all it takes for your users to delete their own accounts. Tom Scott explains.

This video was filmed and edited by Sean Riley.

Comments

Tom, I'm never going to your blog, that's for sure now.

ja-vishaara

"But since then, it's got a bit more complicated"
-Tom Scott, 2013, describing the internet and the history of the universe in one sentence.

Sam_

As someone who is a complete novice, and is trying to learn about how to make websites, Tom Scott has made me terribly afraid of screwing something up and having a massive security hole.

ionlymadethistoleavecoment

I love how passionate Tom is about this. You can really see it in his face and hear it in his voice.

VictorFrost

After just graduating with a Bachelor of Computer Science, I can safely say I would have loved to have this guy as a lecturer; he explains things simply, clearly, interestingly and correctly! I'd like to say a big thanks to Tom and the Computerphile team for spending their time and effort to make these great videos!

MozQit

The funniest thing about your videos is when you talk as if you were the server, interpreter, code or whatever! It would be funny as hell if that was the case, imagine trying to do something malicious, and having the server respond "Well, that's wrong. I'm not having that." in Tom's voice!

olatrials

"My hand has lower ambitions than my brain does"
Yeaaah I know the feel...

odyt

Please, don't ever stop making these.

luiscanamarvega

I remember 6 years ago (I was 12), I'd mess around with chat rooms for fun. Of course, doing so itself was stupid, but it taught me about modifying post-actions and functions, and also about proper security in how users interact with websites.

Basically, I had a plugin that let me edit post data before it was sent to the site. I'd mess around with the chat a few times, see what values changed in the post data, and then figured out what separate parts and values in the data were for. Eventually, I figured out how to modify the sessionID to be the same as other users, so that I didn't have to be in the chat to play around with it. I also learned how to mess with the chat server's screen-name authentication, and to modify my screen-name when I was in the chat. Worst yet, I learned how to modify user-permissions and mess around with the admin-panel login page so that the chat server thought I was an authentic admin that logged in through the admin-panel and let me use admin operations.

Of course, at the time I used it for immature things, but I eventually started thinking of ways for how the website could have avoided those problems. That sort of thinking helped inspire me to think in-depth about security in my programming projects.

matts.

Tom Scott is quickly becoming one of my favourite people on the internet. He's the kind of person I'd have wanted to be best friends with if we'd been kids at the same time and place.

robbie

These Tom Scott videos are so addictive, I can't stop watching! xD

TheWP

Tom is probably my favorite person on this channel. I just love the way he talks and I love the topics he has.

MisterPorkchops

Being a web-developer I highly enjoy this series. Tom really knows what he is talking about, and I just love the enthusiasm. 

andersevenrud

This video inspired me to try to "steal" my CSRF token (as if I was trying to hack my own account). In the process I reinvented cross-origin HTTP requests and clickjacking. Turns out both these attacks are well-known and defended against.

АндрейБеньковский-шк

Got an exam on this tomorrow, this was so helpful for me, thanks! The way you explain things makes them easily accessible

blob

These are some of my favorite vids on Computerphile! Security issues affect everyone and we need more clear explanations. I'd love for Tom to tackle jailbreaking.

steam

It's good having an episode of Computerphile, mainly because the intricate and important details in computers are _so complicated_ even though I (thought) that I knew about computers. This kinda gives me a foundation.

Also you should probably talk about logic gates, whether it's Minecraft or whatnot, they explain how you could have two light switches for one light.

isaac

You'd be surprised how many web devs don't know about this in 2023

thoughtsofadyingatheist

This guy is an excellent presenter. Please, more of him.

ramikafa

These are awesome. This guy makes Computerphile the channel I look forward to. More of him.

Reddemon