[flexcoders] XSRF Vulnerability?

[Christian Edward Gruber]

Hi folks,      I've been digging into XSRF to make sure that my clients' portal implementations are protected against such, but was wondering:  With the varying access approaches Flex 2.0 apps have at their disposal, are typical default communications potentially vulnerable to XSRF attacks.  Are requests even consistent enough for this type of attack?  Are there standard Data Services places where HTTP calls are made that could be spoofed, and which are only authenticated by participation in a valid session?       If people have encountered such, are there practices people have adopted to avoid them?  Does Flex 2.0 already pass secure tokens to authenticate the valid source of a request already perhaps (I dare not hope)? regards, Christian. -- christian gruber + process coach and architect Israfil Consulting Services Corporation email [EMAIL PROTECTED] + bus 905.640.1119 + mob 416.998.6023 __._,_.___ -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com SPONSORED LINKS Web site design development Computer software development Software design and development Macromedia flex Software development best practice YAHOO! GROUPS LINKS  Visit your group "flexcoders" on the web.    To unsubscribe from this group, send an email to:  [EMAIL PROTECTED]    Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service. __,_._,___