[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [WEB SECURITY] Article about HttpOnly

From: Kanatoko <anvil@xxxxxxxxxxx>
Subject: Re: [WEB SECURITY] Article about HttpOnly
Date: Thu, 31 Aug 2006 17:46:16 +0900

Brian Eaton wrote: 
> If somebody knows of CSRF protection techniques that can
> survive an XSS hole in the application, I'd love to hear about them.

How about requireing password (again)?

-- 
Kanatoko<anvil@xxxxxxxxxxx>
Open Source WebAppFirewall
http://guardian.jumperz.net/


----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Follow-Ups:
- Re: [WEB SECURITY] Article about HttpOnly
  - From: Brian Eaton

References:
- Re: [WEB SECURITY] Article about HttpOnly
  - From: RSnake
- Re: [WEB SECURITY] Article about HttpOnly
  - From: Brian Eaton

Prev by Date: Re: [WEB SECURITY] Article about HttpOnly
Next by Date: [WEB SECURITY] MySpace "private" profiles unmasked
Previous by thread: RE: [WEB SECURITY] Article about HttpOnly
Next by thread: Re: [WEB SECURITY] Article about HttpOnly
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org