Secure Coding mailing list archives
Announcement: The Cross-site Request Forgery FAQ
From: bugtraq at cgisecurity.net (bugtraq at cgisecurity.net)
Date: Thu, 18 Jan 2007 14:13:20 -0500 (EST)
URL: The Cross-site Request Forgery FAQ http://www.cgisecurity.com/articles/csrf-faq.shtml
Regarding, "Who discovered CSRF?", the attack is mentioned in section 4.3.5 of RFC 2109, which dates back to February 1997. Of course, the suggested remedies look rather strange today.
I hadn't seen that. I'll add a brief note about that.
Your characterisation of cross-site scripting attacks ("Cross-Site Scripting exploits the trust that a user has for the website or application.") is somewhat misleading, unless one reads "client" for "user".
Yes, that wording is much better. Updated, thanks for pointing it out. - Robert
Current thread:
- Announcement: The Cross-site Request Forgery FAQ bugtraq at cgisecurity.net (Jan 16)
- Announcement: The Cross-site Request Forgery FAQ Florian Weimer (Jan 18)
- Announcement: The Cross-site Request Forgery FAQ bugtraq at cgisecurity.net (Jan 18)
- Announcement: The Cross-site Request Forgery FAQ Florian Weimer (Jan 18)