There's an interesting paper on CSRF mentioned on Slashdot today:
http://www.freedom-to-tinker.com/sites/default/files/csrf.pdf
It mentions Catalyst along with some other frameworks and suggests a way
to build in CSRF-protection.
Cheers, Dave
I really don't understand why they even reference Catalyst. CSRF is a
generalized issue -- whether you use Catalyst or hand-spun assembly for a
webapp the same protections are needed. Seems like a cheap way (listing a
bunch of frameworks in a security paper) to gain cheap
On Sep 30, 2008, at 10:08 AM, Moritz Onken wrote:
attackers can use POST
This is possible due to the fact that flash movies can send any
request to a server.
You can achieve this even with an XMLHTTPRequest.
If scripting is involved that makes it an XSS attack instead, though. No?
-Ashley
On 30.09.2008 at 19:20, Ashley wrote:
On Sep 30, 2008, at 10:08 AM, Moritz Onken wrote:
attackers can use POST
This is possible due to the fact that flash movies can send any
request to a server.
You can achieve this even with an XMLHTTPRequest.
If scripting is involved that makes it a
Moritz Onken [EMAIL PROTECTED] wrote on 09/30/2008 01:08:38 PM:
On 30.09.2008 at 19:20, Ashley wrote:
On Sep 30, 2008, at 10:08 AM, Moritz Onken wrote:
attackers can use POST
This is possible due to the fact that flash movies can send any
request to a server.
You can achieve this
On 30.09.2008 at 21:15, [EMAIL PROTECTED] wrote:
Moritz Onken [EMAIL PROTECTED] wrote on 09/30/2008 01:08:38 PM:
On 30.09.2008 at 19:20, Ashley wrote:
On Sep 30, 2008, at 10:08 AM, Moritz Onken wrote:
attackers can use POST
This is possible due to the fact that flash movies can send