Secure Coding mailing list archives
Announcement: The Cross-site Request Forgery FAQ
From: fw at deneb.enyo.de (Florian Weimer)
Date: Thu, 18 Jan 2007 20:17:23 +0100
URL: The Cross-site Request Forgery FAQ http://www.cgisecurity.com/articles/csrf-faq.shtml
Regarding "Who discovered CSRF?", the attack is mentioned in section 4.3.5 of RFC 2109, which dates back to February 1997. Of course, the suggested remedies look rather strange today.

Your characterisation of cross-site scripting attacks ("Cross-Site Scripting exploits the trust that a user has for the website or application.") is somewhat misleading, unless one reads "client" for "user".
Current thread:
- Announcement: The Cross-site Request Forgery FAQ bugtraq at cgisecurity.net (Jan 16)
- Announcement: The Cross-site Request Forgery FAQ Florian Weimer (Jan 18)
- Announcement: The Cross-site Request Forgery FAQ bugtraq at cgisecurity.net (Jan 18)
- Announcement: The Cross-site Request Forgery FAQ Florian Weimer (Jan 18)