[jira] Commented: (JSEC-48) Add support for easy protection against CSRF attacks

Les Hazlewood (JIRA) Fri, 23 Jan 2009 08:38:29 -0800

    [ 
https://issues.apache.org/jira/browse/JSEC-48?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12666590#action_12666590
 ]


Les Hazlewood commented on JSEC-48:
-----------------------------------

Also, potential discussions have been discussed here:  
http://markmail.org/thread/fl2bcu75hese4tzb

Food for thought.

> Add support for easy protection against CSRF attacks
> ----------------------------------------------------
>
>                 Key: JSEC-48
>                 URL: https://issues.apache.org/jira/browse/JSEC-48
>             Project: JSecurity
>          Issue Type: New Feature
>          Components: Web
>    Affects Versions: 0.9
>            Reporter: Peter Ledbrook
>            Priority: Minor
>             Fix For: 1.0
>
>
> I have raised a similar issue for the Grails plugin here:
>   http://jira.codehaus.org/browse/GRAILSPLUGINS-806
> I'm not sure what form the implementation should take, but it's worth taking 
> a look at the information provided by OWASP:
>   http://www.owasp.org/index.php/Top_10_2007-A5
> I'm considering adding a {{<jsec:form>}} tag that automatically adds a 
> generated token that can be checked by the JSecurity filter on form 
> submission.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (JSEC-48) Add support for easy protection against CSRF attacks

Reply via email to