[Owasp-cincinnati] CSRF Guard

Joe Combs jcombs10 at cinci.rr.com
Tue May 27 18:57:26 EDT 2008


A brief blog entry on the OWASP CSRF Guard:  
http://itmanagement.earthweb.com/secu/article.php/3739621

Has anyone used CSRFGuard?  I'm curious to hear how well the generated 
token works in cases where a page has multiple forms.  Does each form 
get it's own token?  Do they wind up getting the same token as a hidden 
field on each form?  Does it really matter?

Joe



More information about the Owasp-cincinnati mailing list