HDIV against CSRF attacks

OpenSource For You - ADMIN OVERVIEW

How does HDIV respond against CSRF attacks? Its most useful feature against CSRF attacks is that it sends an anti-CSRF token (a long, random, non-repeatable string that changes with every request) to the client, which will be verified in the request. HDIV provides this anti-CSRF token in each form and link of the HTML response, ensuring that it will be sent back in the next request.

Applying any other Struts validator or any other framework validators can help in solving problems like SQL injection and XSS, but will not solve parameter tampering and CSRF attacks—in other words, they cannot assure integrity of data. Moreover, deploying and configuring validators is wasteful. HDIV provides a much more secure, effective and clean security framework, with an easy one-time installation and configuration.
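The token mechanism described above, modelled in a small added example (illustrative code, not HDIV's own implementation): a per-session store issues a random token for each response, the token is injected into every form and link of the HTML, and the next request is accepted only if it presents a token that has not already been consumed. The parameter name `csrf_token`, the session id and the sample HTML are assumed values constructed for the example.

```python
import re
import secrets


class AntiCsrfTokenStore:
    """Per-session store of single-use anti-CSRF tokens (simplified model, not HDIV code)."""

    def __init__(self):
        self._outstanding = {}  # session_id -> set of tokens not yet used

    def issue(self, session_id):
        # Long, random, unpredictable value; a fresh one for every response
        token = secrets.token_urlsafe(32)
        self._outstanding.setdefault(session_id, set()).add(token)
        return token

    def verify(self, session_id, token):
        # Constant-time comparison; the token is consumed so it cannot be replayed
        for issued in self._outstanding.get(session_id, set()):
            if secrets.compare_digest(issued, token or ""):
                self._outstanding[session_id].discard(issued)
                return True
        return False


def protect_response(html, token, param="csrf_token"):
    """Add the token as a hidden field to every form and as a query parameter to every link."""
    html = re.sub(r"(<form\b[^>]*>)",
                  lambda m: m.group(1) + f'<input type="hidden" name="{param}" value="{token}">',
                  html, flags=re.IGNORECASE)

    def add_to_link(m):
        href = m.group(2)
        sep = "&" if "?" in href else "?"
        return f"{m.group(1)}{href}{sep}{param}={token}{m.group(3)}"

    return re.sub(r'(<a\b[^>]*href=")([^"]*)(")', add_to_link, html, flags=re.IGNORECASE)


def simulate():
    store = AntiCsrfTokenStore()
    session = "sess-123"  # constructed session id
    page = '<a href="/account?view=1">Account</a><form action="/transfer" method="post"></form>'
    token = store.issue(session)
    protected = protect_response(page, token)
    accepted = store.verify(session, token)   # genuine submission from the served page
    replayed = store.verify(session, token)   # same token presented a second time
    forged = store.verify(session, "AAAA")    # request without a token issued to this session
    return protected, accepted, replayed, forged
```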
