How much does running everything over HTTPS mitigate this cross-site stuff? | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		ams6110 on June 19, 2011 \| parent \| context \| favorite \| on: JSON users: Avoid CSRFs by not using top-level arr... How much does running everything over HTTPS mitigate this cross-site stuff?

wladimir on June 20, 2011 [–]

It doesn't. HTTPS mitigates passive sniffing and most MITM attacks but does not have any effect against cross-site script attacks such as CSRF and XSS.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact