[jboss-jira] [JBoss JIRA] (AS7-2383) Implement CSRF Protection for HTTP Interface
Darran Lofthouse (Resolved) (JIRA)
jira-events at lists.jboss.org
Wed Nov 2 13:44:45 EDT 2011
[ https://issues.jboss.org/browse/AS7-2383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Darran Lofthouse resolved AS7-2383.
-----------------------------------
Fix Version/s: (was: 7.1.0.CR1)
Resolution: Duplicate Issue
> Implement CSRF Protection for HTTP Interface
> --------------------------------------------
>
> Key: AS7-2383
> URL: https://issues.jboss.org/browse/AS7-2383
> Project: Application Server 7
> Issue Type: Bug
> Components: Domain Management, Security
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Critical
>
> For the HTTP interface we need some form of cross site request forgery protection to cover scenarios where an administrator has already authenticated against AS so the web browser has cached credentials - we need to prevent malicious requests from the same web browser.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira