Open GoogleCodeExporter opened 8 years ago
Original comment by manico.james@gmail.com
on 1 Nov 2010 at 4:27
Original comment by manico.james@gmail.com
on 1 Nov 2010 at 12:52
how will the jsp calling the above tools be like.
I am a little confused with when should i set the csrf token in the request
paremeter. Should that be onsubmit?
Original comment by brijesh....@gmail.com
on 6 Jul 2011 at 8:10
Hi,
As per the above mentioned mechanism, we are adding a secret token as a hidden
field in JSP and hence it's passed in the request.
As we are passing is it in a jsp as a hidden field the attacker would be able
to find the value of the secret token and could add the same in his malicious
request also. On such a scenario, we would not be able to differentiate the
malicious and intended request rite?
Apologies if my understanding is wrong! and requesting you to explain briefly
in i have understood wrongly.
Thanks!
Original comment by robinspe...@gmail.com
on 7 Jun 2013 at 6:10
Original issue reported on code.google.com by
rkli...@gmail.com
on 31 Oct 2010 at 2:03Attachments: