
coderanch and csrf

Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 30309
There was an announcement about a soon-to-be-announced issue with CSRF in the forums last month. Turns out with stock JForum someone could have deleted the forums with a CSRF attack! (Don't worry, they can't anymore.)

3-part blog post describing CSRF, how we fixed it, many of the obstacles encountered (interesting bugs and coding techniques) and links to GitHub showing some code changes.
part 1
part 2
part 3

As I was doing this, I learned a lot of people haven't heard of CSRF. Check out the blog to learn more or ask here - in this post or in the forums.


Andrew Monkhouse
author and jackaroo
Marshal Commander

Joined: Mar 28, 2003
Posts: 11424
Excellent series of posts Jeanne, and thanks for all the work you did in fixing the problem!


Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 30309
Part 4 - we removed the JavaScript dependency.
 