http://www.metafilter.com/tags/CSRF Posts tagged with 'CSRF' at MetaFilter. Sun, 22 Oct 2006 02:09:31 -0800 Sun, 22 Oct 2006 02:09:31 -0800 en-us http://blogs.law.harvard.edu/tech/rss 60 http://www.metafilter.com/55720/Self%2DLinking%2DConsidered%2DHarmful <a href="http://jeremiahgrossman.blogspot.com/2006/09/csrf-sleeping-giant.html">CSRF (Cross Site Request Forgery)</a> is starting to become a real issue for many web forums. While the vulnerability has been <a href="http://www.namb.la/popular/">around</a> for a <a href="http://shiflett.org/articles/security-corner-dec2004">while</a>, <a href="http://www.hardened-php.net/library/poking_new_holes_with_flash_crossdomain_policy_files.html">recently</a> <a href="http://shiflett.org/archive/271"> it</a> <a href="http://isc.sans.org/diary.php?storyid=1750">has</a> <a href="http://blog.thinkphp.de/archives/150-Buy-one-XSS,-get-a-CSRF-for-free.html"> become more</a> <a href="http://www.gnucitizen.org/blog/attackapi-08-is-out">interesting</a>. Luckily the policy against against self linking and some <a href="http://metatalk.metafilter.com/mefi/12891#351219">recent</a> fixes should protect readers here. tag:metafilter.com,2006:site.55720 Sun, 22 Oct 2006 02:09:31 -0800 crossdomain.xml CSRF omgtheinternetismelting security XSS mock