This week's book giveaway is in the Agile and other Processes forum.
We're giving away four copies of The Mikado Method and have Ola Ellnestam and Daniel Brolund on-line!
See this thread for details.
The moose likes Servlets and the fly likes Cross Site Request Forgery Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login


Win a copy of The Mikado Method this week in the Agile and other Processes forum!
JavaRanch » Java Forums » Java » Servlets
Reply Bookmark "Cross Site Request Forgery" Watch "Cross Site Request Forgery" New topic
Author

Cross Site Request Forgery

Parminder Dhillon
Greenhorn

Joined: Dec 19, 2007
Posts: 5
posted
0
Quote
Hi

I am using owasp cross site request forgery guard(CSRFGuard) in one of my web based application.But its implementation is not proper in many pages where i use sendReditect means i redirect application to other page and alson in those pages where i use window.open or window.location

Thanks
Parminder
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

I like...
Android Eclipse IDE Ubuntu
posted
0
Quote
Do you have a question?
Parminder Dhillon
Greenhorn

Joined: Dec 19, 2007
Posts: 5
posted
0
Quote
Yes my qustion is what to do in that case when redirecting to other page and we are using Cross site Request forger guard.As my application gives error in that case.
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 26184
    
  66

I like...
Eclipse IDE Java VI Editor
posted private message
0
Quote
Originally posted by Parminder Dhillon:
where i use window.open or window.location

It's an open source filter. You can add to the code to include looking for javascript actions/urls and add the token that way.

[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
 
I agree. Here's the link: http://zeroturnaround.com/jrebel - it saves me about five hours per week
 
subject: Cross Site Request Forgery
 
Similar Threads
Reg: Java Web Application Security
Use of third party library to handle security threats
Need suggestion for preventing website from security breaches
Cross Site Request Forgery
Cross-Site Request Forgery(CSRF) prevention in Struts 1.3.10