Cross-Site Request Forgery (CSRF) prevention in Struts 1.3.10

Mike Thomson
Ranch Hand

Joined: Nov 07, 2007
Posts: 115
Hi,
I am addressing some of the ethical hack vulnerabilities on my web site, like cross-site scripting, SQL injection and others.
Now I am trying to incorporate Cross-Site Request Forgery (CSRF) prevention in Struts 1.3.10.
Does Struts have any feature like this, or how can it be achieved in Struts? Please throw some light on it. Thanks.
Mike Thomson
Ranch Hand

Joined: Nov 07, 2007
Posts: 115
Any help?
Don Horrell
Greenhorn

Joined: Oct 29, 2004
Posts: 4
I have not used either yet, but I'm looking at HDIV (www.hdiv.org) and OWASP (http://www.owasp.org/index.php/CSRF_Guard). HDIV looks more efficient, as the OWASP CSRFGuard parses the HTML produced by the Web App.
 