Sla.ckers.org
Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixations, hijacking, lockout, replay, session riding, etc.
XSRF and Javascript RPCs - feedback please
Posted by: wck
Date: July 18, 2007 06:10PM

I just wrote up a blog post about a couple of things I've been thinking about with respect to how a lot of websites that do JS RPC calls are exposing themselves to XSRF disclosures of private data. It's kind of long, but I would be interested to hear people's thoughts on the subject.

http://www.wendyk.org/wck/2007/07/why-javascript-remote-procedure-calls.html

Tear away; I just wrote it up this evening, so I'm sure it's got some stuff wrong in there.
