Re: [rules-dev] Guvnor XSRF attack?
I haven't seen it yet, firefox 3.6.15, mostly hosted mode.
Until we can reproduce it or at least understand why it's happening, I
propose:
- do not turn off XSRF protection on master
- turn off XSRF protection on the 5.2.0.x release branch (after it is
branched). To many reports to hope that our users won't suffer from it.
Once we understand why it's happening we can make an informed decision
to fix it or turn off the XSRF protection on master too.
Op 24-03-11 15:34, Michael Anstis schreef:
So, realistically we can expect our users to notice the hick-up at
some stage with 5.2.0 (or GWT2.1+ in reality).
Should we consider an emergency game-plan should a fix not be found
prior to release? e.g. Remove XSRF protection short-term. It doesn't
leave Guvnor any more exposed than we were pre-GWT2.1). I've posted to
GWT's forums but had no response as yet.
Views anybody?
Cheers,
Mike
On 24 March 2011 14:26, Tihomir Surdilovic <tsurdilo(a)redhat.com
<mailto:tsurdilo@redhat.com>> wrote:
On 3/23/11 4:34 PM, Michael Anstis wrote:
> Has anybody experienced this in "Web" mode?
Yes. When first reporting this I was running on JBoss AS 4.2.3.
Thanks.
_______________________________________________
rules-dev mailing list
rules-dev(a)lists.jboss.org <mailto:rules-dev@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/rules-dev
_______________________________________________
rules-dev mailing list
rules-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/rules-dev
--
With kind regards,
Geoffrey De Smet