Re: CSRF (Was: XSS evasion)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CSRF (Was: XSS evasion)

Subject: Re: CSRF (Was: XSS evasion)
Date: Mon, 09 Oct 2006 22:51:47 -0400
From: Chris Shiflett <suppressed>

Jonathan Vanasco wrote:
> > Unfortunately, Amit Klein published some research in July that
> > demonstrated how to do this with Flash. So, if your users use
> > clients that support Flash (which most do), this is not a good
> > safeguard.
> 
> Do you have a link to that?

http://webappsec.org/lists/websecurity/archive/2006-07/msg00069.html

Chris

-- 
Chris Shiflett
http://shiflett.org/

Prev by Date: Re: Apache::AuthCAS
Next by Date: Re: Apache::AuthCAS
Previous by thread: [mp2] test failures for content_length_header and status
Next by thread: [mp2] Does not build on Scientific Linux 4.3
Index(es):
- Date
- Thread

Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.