Cross-Site Request Forgery (CSRF) prevention in Struts 1.3.10
Mike Thomson
Ranch Hand
Joined: Nov 07, 2007
Posts: 115
Hi,
I am addressing some of the ethical hack vulnerabilities on my web site, like cross-site scripting, SQL injection and others.
Now I am trying to incorporate Cross-Site Request Forgery (CSRF) prevention in Struts 1.3.10.
Does Struts have any feature like this, or how can it be achieved in Struts? Please throw some light on it. Thanks.
Mike Thomson
Ranch Hand
Joined: Nov 07, 2007
Posts: 115
Any help?
Don Horrell
Greenhorn
Joined: Oct 29, 2004
Posts: 4
I have not used either yet, but I'm looking at HDIV (www.hdiv.org) and OWASP (http://www.owasp.org/index.php/CSRF_Guard). HDIV looks more efficient, as the OWASP CSRFGuard parses the HTML produced by the Web App.
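
As an added example, not part of any post in this thread: Struts 1.x has a built-in session transaction token (`saveToken` and `isTokenValid` on `Action`) that can be used as a synchronizer token for CSRF checks. The action class names and forward names below are hypothetical.

```java
// Added example (not from the thread): CSRF check using the Struts 1 transaction token.
// ShowTransferFormAction, TransferAction and the forward names are hypothetical.
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

// Renders the form. saveToken() stores a fresh token in the session;
// the <html:form> tag then emits it as a hidden field automatically.
class ShowTransferFormAction extends Action {
    @Override
    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) {
        saveToken(request);
        return mapping.findForward("form");
    }
}

// Handles the state-changing request.
public class TransferAction extends Action {
    @Override
    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response)
            throws Exception {
        // State changes are accepted over POST only, so the token never
        // ends up in URLs, logs or Referer headers.
        if (!"POST".equals(request.getMethod())) {
            response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
            return null;
        }
        // Compare the submitted token with the one in the session.
        // 'true' resets the session token afterwards, making it single-use.
        if (!isTokenValid(request, true)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN,
                    "Missing or invalid request token");
            return null;
        }
        // ... perform the state change here ...
        return mapping.findForward("success");
    }
}
```

Struts keeps one token per session, so opening a second form in the same session invalidates the token of the first. Forms written without `<html:form>` must carry the token themselves in a hidden field named `org.apache.struts.taglib.html.TOKEN`.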