I'm interested in learning how to prevent cross-site request forgeries (CSRF) in my ColdFusion 9 application. I found a few tutorials online but none seem to be comprehensive. The best I've found is: http://www.mollerus.net/tom/blog/2009/01/an_easy_block_for_crosssite_request_forgeries_csrf.html But that's not an incredibly comprehensive or clear example.
Any tutorials, examples, or pointers available for preventing CSRF?
Thanks!
You should take a look at this link. ColdFusion 10 introduced two new functions to deal with CSRF: CSRFGenerateToken() and CSRFVerifyToken().
http://www.learncfinaweek.com/week1/Cross_Site_Request_Forgery__CSRF_/
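
A self-posting template using the two ColdFusion 10 functions named in the answer above, showing the token being issued into a form and checked before any state change. This is an added example, not part of the original answer; the file name transfer.cfm, the field names and the key "transferForm" are assumptions. It needs ColdFusion 10 or later with session management enabled, so it does not run on ColdFusion 9.

```cfml
<!--- transfer.cfm (hypothetical file name): added example, not from the original thread --->
<!--- Assumes Application.cfc sets this.sessionManagement = true;
      the token is stored in the user's session --->
<cfparam name="form.csrfToken" default="">
<cfset tokenKey = "transferForm"> <!--- assumed key; scopes the token to this one form --->
<cfset message = "">

<cfif cgi.request_method EQ "POST">
    <!--- Compare the submitted token with the one held in the session for this key.
          A request forged from another site cannot read the session token,
          so it arrives with an empty or wrong value and is rejected here. --->
    <cfif NOT CSRFVerifyToken(form.csrfToken, tokenKey)>
        <cfheader statuscode="403" statustext="Forbidden">
        <cfoutput>Request rejected: missing or invalid CSRF token.</cfoutput>
        <cfabort>
    </cfif>

    <!--- Token verified: the state-changing work belongs here --->
    <cfset message = "Transfer accepted.">
</cfif>

<!--- Issue a fresh token on every render (forceNew = true), so a used token
      cannot be replayed. Trade-off: the same form open in a second tab
      will hold a stale token and must be reloaded. --->
<cfset newToken = CSRFGenerateToken(tokenKey, true)>

<cfoutput>
<cfif len(message)><p>#encodeForHTML(message)#</p></cfif>
<form method="post" action="transfer.cfm">
    <input type="hidden" name="csrfToken" value="#encodeForHTMLAttribute(newToken)#">
    <label>Amount <input type="text" name="amount"></label>
    <input type="submit" value="Send">
</form>
</cfoutput>
```

Keep state-changing actions on POST only, so the token never appears in a URL, a log line or a Referer header.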