Hi,
In an audit report of a pen-tester it is stated that 'they are unable to determine if anti- CSRF techniques are in place' for our Ebase forms.
Does Ebase provide this as standard? Or is it something we have to implement?
Regards,
David
(anti-) CSRF (Cross-Site-Request Forgery)
Moderators: Jon, Steve, Ian, Dave
- dvanhussel
- Ebase User
- Posts: 161
- Joined: Fri Oct 19, 2007 12:45 pm
- Location: Haarlem, the Netherlands
-
- Moderator
- Posts: 1342
- Joined: Wed Sep 12, 2007 12:49 pm
Re: (anti-) CSRF (Cross-Site-Request Forgery)
No, it's not provided as standard. Tomcat provides an off-the-shelf CSRF protection filter and you could implement this.
0 x
Who is online
Users browsing this forum: No registered users and 6 guests