[Owasp-cincinnati] CSRF Guard

Joe Combs jcombs10 at cinci.rr.com
Tue May 27 18:57:26 EDT 2008

A brief blog entry on the OWASP CSRF Guard:  

Has anyone used CSRFGuard?  I'm curious to hear how well the generated 
token works in cases where a page has multiple forms.  Does each form 
get it's own token?  Do they wind up getting the same token as a hidden 
field on each form?  Does it really matter?


More information about the Owasp-cincinnati mailing list