
coderanch and csrf

 
Jeanne Boyarsky
author & internet detective
Marshal
There was an announcement about a soon-to-be-announced issue with CSRF in the forums last month. Turns out with stock JForum someone could have deleted the forums with a CSRF attack! (Don't worry, they can't anymore.)

3-part blog post describing CSRF, how we fixed it, many of the obstacles encountered (interesting bugs and coding techniques) and links to GitHub showing some code changes.
part 1
part 2
part 3

As I was doing this, I learned a lot of people haven't heard of CSRF. Check out the blog to learn more or ask here - in this post or in the forums.
 
Andrew Monkhouse
author and jackaroo
Marshal Commander
Excellent series of posts, Jeanne, and thanks for all the work you did in fixing the problem!
 
Jeanne Boyarsky
author & internet detective
Marshal
Part 4 - we removed the JavaScript dependency.
 