You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shiro.apache.org by "Alan Cabrera (JIRA)" <ji...@apache.org> on 2009/03/06 14:59:56 UTC

[jira] Moved: (KI-16) Add support for easy protection against CSRF attacks

     [ https://issues.apache.org/jira/browse/KI-16?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alan Cabrera moved JSEC-48 to KI-16:
------------------------------------

        Fix Version/s:     (was: 1.0)
          Component/s:     (was: Web)
    Affects Version/s:     (was: 0.9)
                  Key: KI-16  (was: JSEC-48)
              Project: Ki  (was: JSecurity)

> Add support for easy protection against CSRF attacks
> ----------------------------------------------------
>
>                 Key: KI-16
>                 URL: https://issues.apache.org/jira/browse/KI-16
>             Project: Ki
>          Issue Type: New Feature
>            Reporter: Peter Ledbrook
>            Priority: Minor
>
> I have raised a similar issue for the Grails plugin here:
>   http://jira.codehaus.org/browse/GRAILSPLUGINS-806
> I'm not sure what form the implementation should take, but it's worth taking a look at the information provided by OWASP:
>   http://www.owasp.org/index.php/Top_10_2007-A5
> I'm considering adding a {{<jsec:form>}} tag that automatically adds a generated token that can be checked by the JSecurity filter on form submission.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.