> URL: The Cross-site Request Forgery FAQ
> http://www.cgisecurity.com/articles/csrf-faq.shtml

Regarding "Who discovered CSRF?", the attack is mentioned in section 4.3.5 of RFC 2109, which dates back to February 1997. Of course, the suggested remedies look rather strange today.

Your characterisation of cross-site scripting attacks ("Cross-Site Scripting exploits the trust that a user has for the website or application.") is somewhat misleading, unless one reads "client" for "user".

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________