Let's have a discussion on how we can improve CSRF prevention going forward. We may be able to annotate, or put a doAsPrivileged block at, the Java method / service level to mark which code blocks are idempotent (non-state changing). Checking is automatically done at some framework level. I believe it will be better than checking at the UI level. Developers will still have to manually mark which Java code is safe, but I think it'll be better.
The advantages I see are:

1. Marked at code level. The developer who writes the code has a better understanding of idempotency than the caller.
2. Marked only once, and prevents attacks from multiple UIs and cookie (session) protected APIs (not sure we should have such APIs in C5).
3. If we can make it so that the code is un-idempotent by default and only specially marked sections are idempotent, it eliminates the risk of developers forgetting to check for method type/idempotency.

How feasible do you think this approach is? Will the cost be justified?

--
With regards,
Manuranga Perera.

phone : 071 7 70 20 50
mail : [email protected]
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
