ASP.NET has the ValidateAntiForgeryToken annotation to make sure the form submitted came from the server. This seems like a useful feature. Still requires the developer to place the proper code in the form, and separating form compilation away from the server (the View in Model, View, Controller) to achieve separation of concerns may make this difficult in the long run. Still, any feature which can help secure HTTP exchanges should be considered.
ASP.NET has the ValidateAntiForgeryToken annotation to make sure the form submitted came from the server. This seems like a useful feature. Still requires the developer to place the proper code in the form, and separating form compilation away from the server (the View in Model, View, Controller) to achieve separation of concerns may make this difficult in the long run. Still, any feature which can help secure HTTP exchanges should be considered.