Add support for easy protection against CSRF attacks
----------------------------------------------------
Key: JSEC-48
URL: https://issues.apache.org/jira/browse/JSEC-48
Project: JSecurity
Issue Type: New Feature
Components: Web
Affects Versions: 0.9
Reporter: Peter Ledbrook
Priority: Minor
Fix For: 1.0
I have raised a similar issue for the Grails plugin here:
http://jira.codehaus.org/browse/GRAILSPLUGINS-806
I'm not sure what form the implementation should take, but it's worth taking a
look at the information provided by OWASP:
http://www.owasp.org/index.php/Top_10_2007-A5
I'm considering adding a {{<jsec:form>}} tag that automatically adds a
generated token that can be checked by the JSecurity filter on form submission.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
