* Bill Moseley <[EMAIL PROTECTED]> [2008-10-01 20:45]:
> Where on the risk spectrum is CSRF compared to, say, session
> hijacking?

It’s even harder than XSS to pull off, and requires even closer involvement of the attacker, but if they succeed, they can overcome barriers that could prevent an XSS attack from doing too much harm. In a sense, it’s the next step in the progression from CSRF to XSS. CSRF is dangerous primarily because of how easy it is to set up an attack.

Regards,
-- 
Aristotle Pagaltzis // <http://plasmasturm.org/>

_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/