You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Peter Ledbrook (JIRA)" <ji...@apache.org> on 2009/01/23 17:03:59 UTC
[jira] Created: (JSEC-48) Add support for easy protection against
CSRF attacks
Add support for easy protection against CSRF attacks
----------------------------------------------------
Key: JSEC-48
URL: https://issues.apache.org/jira/browse/JSEC-48
Project: JSecurity
Issue Type: New Feature
Components: Web
Affects Versions: 0.9
Reporter: Peter Ledbrook
Priority: Minor
Fix For: 1.0
I have raised a similar issue for the Grails plugin here:
http://jira.codehaus.org/browse/GRAILSPLUGINS-806
I'm not sure what form the implementation should take, but it's worth taking a look at the information provided by OWASP:
http://www.owasp.org/index.php/Top_10_2007-A5
I'm considering adding a {{<jsec:form>}} tag that automatically adds a generated token that can be checked by the JSecurity filter on form submission.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Moved: (KI-16) Add support for easy protection against CSRF
attacks
Posted by "Alan Cabrera (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/KI-16?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alan Cabrera moved JSEC-48 to KI-16:
------------------------------------
Fix Version/s: (was: 1.0)
Component/s: (was: Web)
Affects Version/s: (was: 0.9)
Key: KI-16 (was: JSEC-48)
Project: Ki (was: JSecurity)
> Add support for easy protection against CSRF attacks
> ----------------------------------------------------
>
> Key: KI-16
> URL: https://issues.apache.org/jira/browse/KI-16
> Project: Ki
> Issue Type: New Feature
> Reporter: Peter Ledbrook
> Priority: Minor
>
> I have raised a similar issue for the Grails plugin here:
> http://jira.codehaus.org/browse/GRAILSPLUGINS-806
> I'm not sure what form the implementation should take, but it's worth taking a look at the information provided by OWASP:
> http://www.owasp.org/index.php/Top_10_2007-A5
> I'm considering adding a {{<jsec:form>}} tag that automatically adds a generated token that can be checked by the JSecurity filter on form submission.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JSEC-48) Add support for easy protection against
CSRF attacks
Posted by "Les Hazlewood (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JSEC-48?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12666590#action_12666590 ]
Les Hazlewood commented on JSEC-48:
-----------------------------------
Also, potential discussions have been discussed here: http://markmail.org/thread/fl2bcu75hese4tzb
Food for thought.
> Add support for easy protection against CSRF attacks
> ----------------------------------------------------
>
> Key: JSEC-48
> URL: https://issues.apache.org/jira/browse/JSEC-48
> Project: JSecurity
> Issue Type: New Feature
> Components: Web
> Affects Versions: 0.9
> Reporter: Peter Ledbrook
> Priority: Minor
> Fix For: 1.0
>
>
> I have raised a similar issue for the Grails plugin here:
> http://jira.codehaus.org/browse/GRAILSPLUGINS-806
> I'm not sure what form the implementation should take, but it's worth taking a look at the information provided by OWASP:
> http://www.owasp.org/index.php/Top_10_2007-A5
> I'm considering adding a {{<jsec:form>}} tag that automatically adds a generated token that can be checked by the JSecurity filter on form submission.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.