W3C home > Mailing lists > Public > www-tag@w3.org > February 2010

ACTION-278: CSRF defense use case?

From: Jonathan Rees <jar@creativecommons.org>
Date: Tue, 16 Feb 2010 16:19:40 -0500
Message-ID: <760bcb2a1002161319y52a9b2a9v6e1f600f0e9857fe@mail.gmail.com>
To: Tyler Close <tyler.close@gmail.com>
Cc: www-tag@w3.org

Tyler,

I think it would be useful in this discussion to have a CSRF defense
use case on hand, since that's where this discussion started [1]. Can
you provide a simple but somewhat realistic scenario where unguessable
URIs might be helpful in CSRF defense?

Thanks
Jonathan

[1] http://www.w3.org/2001/tag/2009/06/23-minutes.html#item05

Tracker, this is ACTION-278

Received on Tuesday, 16 February 2010 21:20:13 GMT

This message: [ Message body ]
Next message: noah_mendelsohn@us.ibm.com: "Re: ACTION-388 Take a look at LMM's doctype/versioning proposal"
Previous message: Jonathan Rees: "Re: ACTION-388 Take a look at LMM's doctype/versioning proposal"
Next in thread: Tyler Close: "Re: ACTION-278: CSRF defense use case?"
Reply: Tyler Close: "Re: ACTION-278: CSRF defense use case?"

Mail actions: [ respond to this message ] [ mail a new topic ]
Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
Help: [ How to use the archives ] [ Search in the archives ]

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:48:19 GMT