ahh yep :) I was actually fixing one of these last week using a different framework.
Must be late.

Sebastiaan van Erk wrote:
>
> The point of a CSRF attack is that you *DON'T* have to hijack the session.
>
> By including for example an image on the attacking website with a src
> reference to the vulnerable website, the browser loads the page of the
> vulnerable website, and if you currently have a session, the browser
> will be tricked into using your current session. That means, if you're
> logged in, the attacking website can trick your browser into
> (unknowingly and against your will) requesting any URL on the vulnerable
> website in the context of your current session.
>
> No session hijacking required.
>
> Regards,
> Sebastiaan
>
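Added example, not part of the original thread: a small Python model of the behaviour described in the quoted message, where a handler that trusts the session cookie alone accepts a request caused by another site's page. The per-session token check shown beside it is a common defence assumed here for contrast; the thread does not mention it, and every name in the block (`SESSIONS`, `SESSIONID`, the handlers, the addresses) is constructed for illustration and is not any framework's API.

```python
import hmac
import secrets

# Constructed server-side session store: session id -> session state.
SESSIONS = {}

def login(user):
    """Create a session and return (session_id, csrf_token)."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_hex(16),
                     "email": user + "@example.org"}
    return sid, SESSIONS[sid]["csrf"]

def browser_request(cookie_jar, params):
    """A browser attaches the site's cookies to every request for that site,
    whichever page caused it (the site's own form or an image reference
    placed on an unrelated page)."""
    return {"cookies": dict(cookie_jar), "params": dict(params)}

def change_email_cookie_only(request):
    """Trusts the session cookie alone: the case the quoted message describes."""
    session = SESSIONS.get(request["cookies"].get("SESSIONID"))
    if session is None:
        return 403
    session["email"] = request["params"]["email"]
    return 200

def change_email_with_token(request):
    """Also requires a per-session token that only the site's own pages carry."""
    session = SESSIONS.get(request["cookies"].get("SESSIONID"))
    if session is None:
        return 403
    supplied = request["params"].get("csrf", "")
    if not hmac.compare_digest(supplied, session["csrf"]):
        return 403  # cookie was valid, but the request did not come from our form
    session["email"] = request["params"]["email"]
    return 200

def demo():
    sid, token = login("alice")
    jar = {"SESSIONID": sid}
    # Caused by another site's page: cookie present, token unknown to that page.
    cross_site = browser_request(jar, {"email": "changed@example.net"})
    # Sent from the site's own form: cookie and token both present.
    same_site = browser_request(jar, {"email": "alice@example.com", "csrf": token})
    return (change_email_with_token(cross_site),
            change_email_with_token(same_site),
            change_email_cookie_only(cross_site),
            SESSIONS[sid]["email"])
```
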