Security Basics mailing list archives
Re: Cross-Site Request Forgeries
From: Emilio Casbas <ecasbas () s21sec com>
Date: Mon, 28 Jul 2008 09:08:42 +0200
Ricardo Tiago wrote:
Hi, What methods exist to protect against Cross-Site Request Forgeries? And what is the most efficient one?

- Inspecting Referer headers (it could be forged)
- Validation via user-provided secret (ask for password for important transactions)
- Validation via "action token" (in order to distinguish the genuine URL from the forged one). The most efficient.

Take a look: http://www.cgisecurity.com/articles/csrf-faq.shtml

Regards
Emilio.
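
The "action token" method named in the reply above, as an added example that is not part of the original post: the server issues a token bound to the user's session and the specific action, embeds it in the genuine form or URL, and rejects any request whose token is missing, expired, or issued for another session or action. The names SERVER_KEY, TOKEN_LIFETIME, issue_token and verify_token, and the 15-minute lifetime, are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: a server-side secret; generated per process here for the demo.
SERVER_KEY = secrets.token_bytes(32)
TOKEN_LIFETIME = 900  # seconds a token stays valid (assumed value)


def _mac(session_id, action, issued_at):
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = f"{len(session_id)}:{session_id}|{len(action)}:{action}|{issued_at}"
    return hmac.new(SERVER_KEY, msg.encode(), hashlib.sha256).hexdigest()


def issue_token(session_id, action, now=None):
    """Token the server embeds in the genuine form or URL for one action."""
    issued_at = int(time.time()) if now is None else int(now)
    return f"{issued_at}.{_mac(session_id, action, issued_at)}"


def verify_token(token, session_id, action, now=None):
    """True only if the token was issued for this session and this action."""
    now = int(time.time()) if now is None else int(now)
    if not isinstance(token, str):
        return False  # a forged request typically carries no token at all
    issued_str, _, mac = token.partition(".")
    # Accept only a plain ASCII decimal timestamp of sane length.
    if not (issued_str.isascii() and issued_str.isdigit() and len(issued_str) <= 12):
        return False
    issued_at = int(issued_str)
    if issued_at > now or now - issued_at > TOKEN_LIFETIME:
        return False  # from the future or expired
    expected = _mac(session_id, action, issued_at)
    # Constant-time comparison so the check does not leak matching prefixes.
    return hmac.compare_digest(mac.encode("utf-8", "replace"), expected.encode())


if __name__ == "__main__":
    # Constructed sample values: two sessions and one sensitive action.
    token = issue_token("sess-A", "transfer", now=1000)
    print("genuine request:  ", verify_token(token, "sess-A", "transfer", now=1010))
    print("no token (forged):", verify_token(None, "sess-A", "transfer", now=1010))
    print("other session:    ", verify_token(token, "sess-B", "transfer", now=1010))
```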