coderanch and csrf

Jeanne Boyarsky
internet detective

Joined: May 26, 2003
Posts: 30076

There was an announcement about a soon-to-be-announced issue with CSRF in the forums last month. Turns out with stock JForum someone could have deleted the forums with a CSRF attack! (Don't worry, they can't anymore.)

A 3-part blog post describing CSRF, how we fixed it, many of the obstacles encountered (interesting bugs and coding techniques) and links to GitHub showing some code changes.
part 1
part 2
part 3

As I was doing this, I learned a lot of people haven't heard of CSRF. Check out the blog to learn more or ask here - in this post or in the forums.

[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
Andrew Monkhouse
author and jackaroo
Marshal Commander

Joined: Mar 28, 2003
Posts: 11404

Excellent series of posts Jeanne, and thanks for all the work you did in fixing the problem!

The Sun Certified Java Developer Exam with J2SE 5: paper version from Amazon, PDF from Apress, Online reference: Books 24x7 Personal blog
Jeanne Boyarsky
internet detective

Joined: May 26, 2003
Posts: 30076

Part 4 - we removed the JavaScript dependency.
I agree. Here's the link: