Which of the following are the limitations for the cross site request forgery (CSRF) attack?
Each correct answer represents a complete solution. Choose all that apply.
A.
The target site should authenticate in GET and POST parameters, not only cookies.
B.
The attacker must determine the right values for all the form inputs.
C.
The attacker must target a site that doesn’t check the referrer header.
D.
The target site should have limited lifetime authentication cookies.
Explanation: