(anti-) CSRF (Cross-Site-Request Forgery)

Post any questions regarding Installing or Upgrading Ebase, including problems starting up the Ebase Xi Server or Designer

Moderators: Jon, Steve, Ian, Dave

User avatar
dvanhussel
Ebase User
Posts: 161
Joined: Fri Oct 19, 2007 12:45 pm
Location: Haarlem, the Netherlands

(anti-) CSRF (Cross-Site-Request Forgery)

#1

Postby dvanhussel » Wed Apr 18, 2018 7:29 am

Hi,

In an audit report of a pen-tester it is stated that 'they are unable to determine if anti- CSRF techniques are in place' for our Ebase forms.

Does Ebase provide this as standard? Or is it something we have to implement?

Regards,

David
0 x

Jon
Moderator
Moderator
Posts: 1342
Joined: Wed Sep 12, 2007 12:49 pm

Re: (anti-) CSRF (Cross-Site-Request Forgery)

#2

Postby Jon » Wed Apr 18, 2018 3:46 pm

No, it's not provided as standard. Tomcat provides an off-the-shelf CSRF protection filter and you could implement this.
0 x


Who is online

Users browsing this forum: No registered users and 8 guests