[WEB SECURITY] CSRF remedies in
Ory Segal
SEGALORY at il.ibm.com
Thu Jan 15 02:23:30 EST 2009
Hello,
Struts 2 seems to have some sort of a token interceptor that can be used
to protect against CSRF (tokenSessionInterceptor). You can find more
information on it here:
http://nickcoblentz.blogspot.com/2008/11/csrf-prevention-in-struts-2.html
-Ory
From: Eric Rachner <eric at rachner.us>
To: websecurity at webappsec.org
Date: 01/15/2009 02:32 AM
Subject: [WEB SECURITY] CSRF remedies in
As most of us know, ASP.NET provides the ViewStateUserKey feature to
mitigate CSRF attacks. But as a primarily Microsoft-oriented guy, I'm not
personally aware of any equivalent solutions for use in other
environments, J2EE in particular, except of course for CSRFGuard.
Does anyone happen to know whether any web app development platforms other
than .NET provide CSRF mitigations like ViewStateUserKey?
Much obliged,
- Eric