[security] CSRF protection

Thu Aug 23 08:37:14 UTC 2007

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all

I've done a article on CSRF protection (with demos) which may help
you develop your OpenID site. I found many of your sites to be very
open to CSRF attacks so please take the time to review my article
and demos.

http://www.thespanner.co.uk/2007/08/20/protection-against-csrf/

http://www.businessinfo.co.uk/labs/csrf_defend/csrf_demos.php

Cheers

Gareth
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5

wpwEAQECAAYFAkbNRmUACgkQrR8fg3y/m1Bm0gP/dC/2husxskKxKUFowmtlLOEEPM8b
3eA1YqoLlGs8OREOu1htWMswyE1le+TtGDWh2Joye2KDbdTuO0JvQ0DcKWRkWxwlc1Ve
jEdTOVwvza18YRGsUhjvW7I2ji/uwXEu5ZSXSZk2mjmirQVYbcv5zFkIupvHuPB/8uqt
IKHNQYE=
=IXVT
-----END PGP SIGNATURE-----

--
Click for free home mortgage rates from top companies. 
http://tagline.hushmail.com/fc/Ioyw6h4d9W6EUsV6v1mwVsAH8t20s7vOgacpi189CBBihZ1Jq2LHI4/