-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
André,
On 11/16/12 3:29 PM, André Warnier wrote:
.. if your [sic, apologies] are not using
HttpServletResponse#encodeRedirectURL(String) or
HttpServletResponse#encodeURL(String) in your application, then
this filter would be unnecessary..
I
Hi,
I work on a web application that is vulnerable to CSRF(Cross Site Request
Forgery) attack. Tomcat 7 has a CSRF prevention filter. I went through the
description to configure this filter.
This filter expects that we call HttpServletResponse#encodeRedirectURL(String)
or
Vijaya Kumar wrote:
Hi,
I work on a web application that is vulnerable to CSRF(Cross Site Request Forgery) attack. Tomcat 7 has a CSRF prevention filter. I went through the description to configure this filter.
This filter expects that we call HttpServletResponse#encodeRedirectURL(String) or
Hi,
Thanks a lot for the quick response.
I have already gone through the suggestions given on Wikipedia. I found that
the suggestions provided over there are not feasible in our application's
context.
Therefore, I am looking for an alternate way of preventing this attack.
-Vijay
André
On 16/11/2012 10:01, André Warnier wrote:
Vijaya Kumar wrote:
Hi, I work on a web application that is vulnerable to CSRF(Cross Site
Request Forgery) attack. Tomcat 7 has a CSRF prevention filter. I went
through the description to configure this filter. This filter expects
that we call
On 16/11/2012 16:12, André Warnier wrote:
Mark Thomas wrote:
On 16/11/2012 10:01, André Warnier wrote:
Vijaya Kumar wrote:
Hi, I work on a web application that is vulnerable to CSRF(Cross Site
Request Forgery) attack. Tomcat 7 has a CSRF prevention filter. I went
through the description to
Mark Thomas wrote:
On 16/11/2012 16:12, André Warnier wrote:
Mark Thomas wrote:
On 16/11/2012 10:01, André Warnier wrote:
Vijaya Kumar wrote:
Hi, I work on a web application that is vulnerable to CSRF(Cross Site
Request Forgery) attack. Tomcat 7 has a CSRF prevention filter. I went
through
On 16/11/2012 18:50, André Warnier wrote:
Mark Thomas wrote:
On 16/11/2012 16:12, André Warnier wrote:
Mark Thomas wrote:
On 16/11/2012 10:01, André Warnier wrote:
Vijaya Kumar wrote:
Hi, I work on a web application that is vulnerable to CSRF(Cross Site
Request Forgery) attack. Tomcat 7 has
Mark Thomas wrote:
On 16/11/2012 18:50, André Warnier wrote:
Mark Thomas wrote:
On 16/11/2012 16:12, André Warnier wrote:
Mark Thomas wrote:
On 16/11/2012 10:01, André Warnier wrote:
Vijaya Kumar wrote:
Hi, I work on a web application that is vulnerable to CSRF(Cross Site
Request Forgery)
On 11/16/2012 3:29 PM, André Warnier wrote:
Mark Thomas wrote:
On 16/11/2012 18:50, André Warnier wrote:
Mark Thomas wrote:
On 16/11/2012 16:12, André Warnier wrote:
Mark Thomas wrote:
On 16/11/2012 10:01, André Warnier wrote:
Vijaya Kumar wrote:
Hi, I work on a web application that is
On 16/11/2012 20:29, André Warnier wrote:
Ok, so let's back up a little.
The OP wrote :
..This filter expects that we call
HttpServletResponse#encodeRedirectURL(String) or
HttpServletResponse#encodeURL(String).
I see that in my application we don't use the above mentioned methods.
..
Mark Thomas wrote:
On 16/11/2012 20:29, André Warnier wrote:
Ok, so let's back up a little.
The OP wrote :
..This filter expects that we call
HttpServletResponse#encodeRedirectURL(String) or
HttpServletResponse#encodeURL(String).
I see that in my application we don't use the above mentioned
André,
On 16/11/2012 14:39, André Warnier wrote:
Response (to Mark and David) : I accept the verdict of the native
English-speakers.
In my defense, I would say that to me, the word useless has more of a
negative connotation than what I wanted to express. Using an expression
such as
Bob Hall wrote:
André,
On 16/11/2012 14:39, André Warnier wrote:
Response (to Mark and David) : I accept the verdict of the native
English-speakers.
In my defense, I would say that to me, the word useless has more of a
negative connotation than what I wanted to express. Using an
14 matches
Mail list logo