[cap-talk] solve CSRF by making references unforgeable, not unshareable

lists at notatla.org.uk
Wed Mar 25 15:05:29 EDT 2009


David-Sarah Hopwood wrote:

> References are made unforgeable by making valid representations
> of them either opaque or sparse (unguessable). Representations
> of SQL queries cannot be made opaque nor sparse.

Can things be opaque or sparse but not both?  What would be examples?

