[WEB SECURITY] CSRF remedies in

Ory Segal SEGALORY at il.ibm.com
Thu Jan 15 02:23:30 EST 2009


Hello,

Struts 2 seems to have some sort of a token interceptor that can be used 
to protect against CSRF (tokenSessionInterceptor). You can find more 
information on it here: 
http://nickcoblentz.blogspot.com/2008/11/csrf-prevention-in-struts-2.html

-Ory







From: Eric Rachner <eric at rachner.us>
To: websecurity at webappsec.org
Date: 01/15/2009 02:32 AM
Subject: [WEB SECURITY] CSRF remedies in



As most of us know, ASP.NET provides the ViewStateUserKey feature to 
mitigate CSRF attacks.  But as a primarily Microsoft-oriented guy, I'm not 
personally aware of any equivalent solutions for use in other 
environments, J2EE in particular, except of course for CSRFGuard.

Does anyone happen to know whether any web app development platforms other 
than .NET provide CSRF mitigations like ViewStateUserKey?

Much obliged,

- Eric

