[WEB SECURITY] CSRF remedies in

Eric Rachner eric at rachner.us
Wed Jan 14 19:30:07 EST 2009


As most of us know, ASP.NET provides the
ViewStateUserKey<http://msdn.microsoft.com/en-us/library/system.web.ui.page.viewstateuserkey.aspx>feature
to mitigate CSRF attacks.  But as a primarily Microsoft-oriented
guy, I'm not personally aware of any equivalent solutions for use in other
environments, J2EE in particular, except of course for
CSRFGuard<http://www.owasp.org/index.php/CSRF_Guard>
.

Does anyone happen to know whether any web app development platforms other
than .NET provide CSRF mitigations like ViewStateUserKey?

Much obliged,

- Eric
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20090114/1f645145/attachment.html>


More information about the websecurity mailing list