Cross-Site Request Forgery(CSRF) prevention in Struts 1.3.10

Mike Thomson
Ranch Hand

Joined: Nov 07, 2007
Posts: 115
Hi,
I am addressing some of the ethical hack vulnerabilities of my web site, like cross-site scripting, SQL injection and others.
Now I am trying to incorporate Cross-Site Request Forgery (CSRF) prevention in Struts 1.3.10.
Does Struts have any feature like this, or how can I achieve it in Struts? Please throw some light on it. Thanks.
Mike Thomson
Ranch Hand

Joined: Nov 07, 2007
Posts: 115
Any help?
Don Horrell
Greenhorn

Joined: Oct 29, 2004
Posts: 4
I have not used either yet, but I'm looking at HDIV (www.hdiv.org) and OWASP (http://www.owasp.org/index.php/CSRF_Guard). HDIV looks more efficient, as the OWASP CSRFGuard parses the HTML produced by the Web App.
 