aspose file tools*
The moose likes Struts and the fly likes Cross-Site Request Forgery(CSRF) prevention in Struts 1.3.10 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Cross-Site Request Forgery(CSRF) prevention in Struts 1.3.10" Watch "Cross-Site Request Forgery(CSRF) prevention in Struts 1.3.10" New topic
Author

Cross-Site Request Forgery(CSRF) prevention in Struts 1.3.10

Mike Thomson
Ranch Hand

Joined: Nov 07, 2007
Posts: 115
Hi,
I am addressing some of the Ethical hack vulnerabilites to my web site like Cross site scripting, sql injection and others.
Now I am trying to incorporate the Cross-Site Request Forgery(CSRF) prevention in Struts 1.3.10.
Is struts having any feature like this or how to achieve it in struts? PLease throw some light on it. thanks.
Mike Thomson
Ranch Hand

Joined: Nov 07, 2007
Posts: 115
any help?
Don Horrell
Greenhorn

Joined: Oct 29, 2004
Posts: 4
I have not used either yet, but I'm looking at HDIV (www.hdiv.org) and OWASP (http://www.owasp.org/index.php/CSRF_Guard). HDIV looks more efficient, as the OWASP CSRFGuard parses the HTML produced by the Web App.
 
 
subject: Cross-Site Request Forgery(CSRF) prevention in Struts 1.3.10
 
Similar Threads
Cross Site Request Forgery
Use of third party library to handle security threats
Need suggestion for preventing website from security breaches
Struts : how to reload a Listing Page later.
how to hide the struts2 action name being displayed in the URL