Comments on The Manila Man: Cross Site Request Forgery. What it is and how to work around it.
Blog author: James Larry Gaines II (http://www.blogger.com/profile/05139261700052826951)

---

cloudshinepro.com (https://www.blogger.com/profile/12607235425872035323), 2020-08-05:

Extremely helpful post. This is my first time visiting here. I discovered such a large number of intriguing stuff in your blog, particularly its exchange. Truly, it's an extraordinary article. Keep it up. Oracle fusion training (https://cloudshinepro.com/)

---

James Larry Gaines II (https://www.blogger.com/profile/05139261700052826951), 2011-04-16:

The token is supposed to be re-generated for every request submitted. This means that, for every request, a different key is generated. This same key is stored on the session. Also, the key generated on the FORM is not literally the key saved on the session. Think of it as PKI: the form has the public key and the session has the private key. There should be some sort of calculation so that it's tougher for the hacker to generate the correct key himself.

---

Raghavan (https://www.blogger.com/profile/08085487789375637115), 2009-08-30:

Hi James,

It was a nice article. But I didn't get one thing. Even if we use filters to avoid XSRF, the validation token is embedded in the form, right? Still, the hacker can send the same validation token along with his request. Correct me if I am wrong.

Best Regards,
Raghavan G