[jboss-jira] [JBoss JIRA] (AS7-2383) Implement CSRF Protection for HTTP Interface
Darran Lofthouse (Created) (JIRA)
jira-events at lists.jboss.org
Thu Oct 27 06:08:45 EDT 2011
Implement CSRF Protection for HTTP Interface
--------------------------------------------
Key: AS7-2383
URL: https://issues.jboss.org/browse/AS7-2383
Project: Application Server 7
Issue Type: Bug
Components: Domain Management, Security
Reporter: Darran Lofthouse
Assignee: Darran Lofthouse
Priority: Critical
Fix For: 7.1.0.CR1
For the HTTP interface we need some form of cross site request forgery protection to cover scenarios where an administrator has already authenticated against AS so the web browser has cached credentials - we need to prevent malicious requests from the same web browser.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list