Webobjects vulnerability to cross-site request forgery?

  • Subject: Webobjects vulnerability to cross-site request forgery?
  • From: Giles Palmer <email@hidden>
  • Date: Thu, 26 Jan 2012 15:11:05 +0000

Hi All

We have an application that lives behind a login and all requests are session-based component requests. We have been asked by a user about our vulnerability to cross-site request forgery.

http://en.wikipedia.org/wiki/Cross-site_request_forgery
and
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)

What do you guys do to protect against this? Are component URLs and an authenticated session enough to prevent this?

Advice much appreciated.


Regards


Giles