[rules-dev] Guvnor XSRF attack?

Michael Anstis michael.anstis at gmail.com
Thu Mar 24 10:34:42 EDT 2011


So, realistically we can expect our users to notice the hiccup at some
stage with 5.2.0 (or GWT2.1+ in reality).

Should we consider an emergency game-plan should a fix not be found prior to
release? E.g. remove XSRF protection short-term (it doesn't leave Guvnor any
more exposed than we were pre-GWT2.1). I've posted to GWT's forums but had
no response as yet.

Views anybody?

Cheers,

Mike

On 24 March 2011 14:26, Tihomir Surdilovic <tsurdilo at redhat.com> wrote:

> On 3/23/11 4:34 PM, Michael Anstis wrote:
> > Has anybody experienced this in "Web" mode?
> Yes. When first reporting this I was running on JBoss AS 4.2.3.
>
> Thanks.