[SC-L] Announcement: The Cross-site Request Forgery FAQ
bugtraq at cgisecurity.net
Thu Jan 18 14:13:20 EST 2007
> > URL: The Cross-site Request Forgery FAQ
> > http://www.cgisecurity.com/articles/csrf-faq.shtml
>
> Regarding, "Who discovered CSRF?", the attack is mentioned in section
> 4.3.5 of RFC 2109, which dates back to February 1997. Of course, the
> suggested remedies look rather strange today.
I hadn't seen that. I'll add a brief note about that.
>
> Your characterisation of cross-site scripting attacks ("Cross-Site
> Scripting exploits the trust that a user has for the website or
> application.") is somewhat misleading, unless one reads "client" for
> "user".
Yes, that wording is much better. Updated, thanks for pointing it out.
- Robert