Re: [WEB SECURITY] RE: Defeating nonce/token based CSRF protection
- From: Mike Duncan <Mike.Duncan@xxxxxxxx>
- Subject: Re: [WEB SECURITY] RE: Defeating nonce/token based CSRF protection
- Date: Fri, 18 Apr 2008 15:03:31 -0400
Jeroen, sorry for the conversational mishaps, but this happens from time
to time. Hopefully it will not deter you or anyone else from using the
list as an informational gathering tool.
Thanks for asking the question. Glad we could help.
Jeroen van Dongen wrote:
> Thanks all for the answers -
>
> Mike Duncan summarised it nicely I guess:
> "...and we are answering: Yes, this is possible but security in depth is
> the best defense against this."
>
> Thanks again,
> Jeroen
>
> ----------------------------------------------------------------------------
> Join us on IRC: irc.freenode.net #webappsec
>
> Have a question? Search The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/
>
> Subscribe via RSS:
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
--
Mike Duncan
ISSO, Application Security Specialist
Government Contractor with STG, Inc.
NOAA :: National Climatic Data Center
151 Patton Ave.
Asheville, NC 28801-5001
mike.duncan@xxxxxxxx
828.271.4289
Brought to you by http://www.webappsec.org