Cross Site Request Forgery


I suppose I should first explain what CSRF, or cross site request forgery, is. In a sense it is the opposite of cross site scripting. Instead of using the user's trust in a web site, CSRF uses the trust the server has in a user to create requests, which usually result in user promotion or other things that only certain members can do.

Forms often use POST, especially forms such as the ones in a web-based RPG that send in-game money to another player. This means that you cannot use simple URLs with query strings to send the variables. In this article I'll talk about getting around that.

SecuriTeam Blogs » Cross Site Request Forgery

Linked by shanmuga Sunday, 8th January 2006 10:07PM
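
An added example, not part of the original article: a minimal Python model of the in-game money transfer form described above, showing why a session cookie alone does not prove the user intended the POST and how a per-session token in the site's own form closes that gap. The handler names, session store, balances and token scheme are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)      # assumed per-deployment secret
SESSIONS = {"sess-alice": "alice"}        # constructed session store
BALANCES = {"alice": 100, "mallory": 0}   # constructed game state


def csrf_token(session_id):
    """Token bound to one session; the site embeds it in forms it serves."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def _move(user, form):
    """Apply the transfer if the amount and recipient are valid."""
    try:
        amount = int(form.get("amount", ""))
    except ValueError:
        return False
    to = form.get("to")
    if amount <= 0 or to not in BALANCES or BALANCES[user] < amount:
        return False
    BALANCES[user] -= amount
    BALANCES[to] += amount
    return True


def transfer_cookie_only(cookies, form):
    """Before: the session cookie alone authorises the POST."""
    user = SESSIONS.get(cookies.get("sid", ""))
    return user is not None and _move(user, form)


def transfer_with_token(cookies, form):
    """After: the POST must also carry the token from the site's own form."""
    sid = cookies.get("sid", "")
    user = SESSIONS.get(sid)
    supplied = form.get("csrf_token", "").encode()
    if user is None or not hmac.compare_digest(supplied, csrf_token(sid).encode()):
        return False                      # cookie present, intent not proven
    return _move(user, form)


# Constructed requests; the browser attaches the cookie to both.
COOKIES = {"sid": "sess-alice"}
CROSS_SITE_POST = {"to": "mallory", "amount": "10"}   # no token
SAME_SITE_POST = dict(CROSS_SITE_POST, csrf_token=csrf_token("sess-alice"))
```

The cookie-only handler accepts the token-less request because the cookie is valid; the token-checking handler rejects it and accepts only the request built from the site's own form.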