Clinton Gormley wrote:
> Really good article, Chris:
> http://shiflett.org/articles/security-corner-dec2004
> 
> I really like the solution of using tokens.

Thanks! :-)

It's worth noting that this safeguard is rendered ineffective if you
have XSS vulnerabilities, thanks to Ajax. Malicious JavaScript can
request the page with the token, parse the response, and submit the CSRF
attack with the proper token, all from the client (victim).

I've been doing some research on using Ajax in this way from other domains:

http://shiflett.org/archive/250
http://shiflett.org/archive/263
http://shiflett.org/archive/267

Hope others find this stuff as interesting as I do.

Chris

-- 
Chris Shiflett
http://shiflett.org/