> > URL: The Cross-site Request Forgery FAQ
> > http://www.cgisecurity.com/articles/csrf-faq.shtml
>
> Regarding, "Who discovered CSRF?", the attack is mentioned in section
> 4.3.5 of RFC 2109, which dates back to February 1997. Of course, the
> suggested remedies look rather strange today.
I hadn't seen that. I'll add a brief note about that.
>
> Your characterisation of cross-site scripting attacks ("Cross-Site
> Scripting exploits the trust that a user has for the website or
> application.") is somewhat misleading, unless one reads "client" for
> "user".
Yes, that wording is much better. Updated, thanks for pointing it out.
- Robert
_______________________________________________
Secure Coding mailing list (SC-L) [email protected]
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________