[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[WEB SECURITY] request forgery preventions
- From: "Chris Weber" <chris@xxxxxxxxxxx>
- Subject: [WEB SECURITY] request forgery preventions
- Date: Mon, 30 Oct 2006 16:18:50 -0800
------=_NextPart_000_0085_01C6FC3F.17950860
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
In ASP.NET is anyone using a combination of VIEWSTATE and EVENTVALIDATION to
prevent the cross-site request forgery class of attacks?
Otherwise are you rolling your own solution or using some other session/flow
management system?
------=_NextPart_000_0085_01C6FC3F.17950860
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2900.2963" name=3DGENERATOR></HEAD>
<BODY>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D938381500-31102006>In =
ASP.NET is anyone=20
using a combination of VIEWSTATE and EVENTVALIDATION to prevent the =
cross-site=20
request forgery class of attacks? </SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D938381500-31102006></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN =
class=3D938381500-31102006>Otherwise are you=20
rolling your own solution or using some other session/flow management=20
system?</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D938381500-31102006></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D938381500-31102006></SPAN></FONT> </DIV></BODY></HTML>
------=_NextPart_000_0085_01C6FC3F.17950860--
Brought to you by http://www.webappsec.org
Search this site
|