Re: Help regarding CSRF Filter in Tomcat 7

2012-11-17 Thread Christopher Schultz
André, On 11/16/12 3:29 PM, André Warnier wrote: > .. "if your [sic, apologies] are not using > HttpServletResponse#encodeRedirectURL(String) or > HttpServletResponse#encodeURL(String) in your application, then > this filter would be unnecessary"..

Re: Help regarding CSRF Filter in Tomcat 7

2012-11-16 Thread André Warnier
Bob Hall wrote: André, On 16/11/2012 14:39, André Warnier wrote: Response (to Mark and David) : I accept the verdict of the native English-speakers. In my defense, I would say that to me, the word "useless" has more of a negative connotation than what I wanted to express. Using an expres

Re: Help regarding CSRF Filter in Tomcat 7

2012-11-16 Thread Bob Hall
André, On 16/11/2012 14:39, André Warnier wrote: >  Response (to Mark and David) : I accept the verdict of the native > English-speakers. >  In my defense, I would say that to me, the word "useless" has more of a > negative connotation than what I wanted to express.  Using an expression >  suc

Re: Help regarding CSRF Filter in Tomcat 7

2012-11-16 Thread André Warnier
Mark Thomas wrote: On 16/11/2012 20:29, André Warnier wrote: Ok, so let's back up a little. The OP wrote : .."This filter expects that we call HttpServletResponse#encodeRedirectURL(String) or HttpServletResponse#encodeURL(String). I see that in my application we don't use the above mentioned m

Re: Help regarding CSRF Filter in Tomcat 7

2012-11-16 Thread Mark Thomas
On 16/11/2012 20:29, André Warnier wrote: > Ok, so let's back up a little. > > The OP wrote : > > .."This filter expects that we call > HttpServletResponse#encodeRedirectURL(String) or > HttpServletResponse#encodeURL(String). > I see that in my application we don't use the above mentioned methods

Re: Help regarding CSRF Filter in Tomcat 7

2012-11-16 Thread David kerber
On 11/16/2012 3:29 PM, André Warnier wrote: Mark Thomas wrote: On 16/11/2012 18:50, André Warnier wrote: Mark Thomas wrote: On 16/11/2012 16:12, André Warnier wrote: Mark Thomas wrote: On 16/11/2012 10:01, André Warnier wrote: Vijaya Kumar wrote: Hi, I work on a web application that is vul

Re: Help regarding CSRF Filter in Tomcat 7

2012-11-16 Thread André Warnier
Mark Thomas wrote: On 16/11/2012 18:50, André Warnier wrote: Mark Thomas wrote: On 16/11/2012 16:12, André Warnier wrote: Mark Thomas wrote: On 16/11/2012 10:01, André Warnier wrote: Vijaya Kumar wrote: Hi, I work on a web application that is vulnerable to CSRF(Cross Site Request Forgery) a

Re: Help regarding CSRF Filter in Tomcat 7

2012-11-16 Thread Mark Thomas
On 16/11/2012 18:50, André Warnier wrote: > Mark Thomas wrote: >> On 16/11/2012 16:12, André Warnier wrote: >>> Mark Thomas wrote: On 16/11/2012 10:01, André Warnier wrote: > Vijaya Kumar wrote: >> Hi, I work on a web application that is vulnerable to CSRF(Cross Site >> Request For

Re: Help regarding CSRF Filter in Tomcat 7

2012-11-16 Thread André Warnier
Mark Thomas wrote: On 16/11/2012 16:12, André Warnier wrote: Mark Thomas wrote: On 16/11/2012 10:01, André Warnier wrote: Vijaya Kumar wrote: Hi, I work on a web application that is vulnerable to CSRF(Cross Site Request Forgery) attack. Tomcat 7 has a CSRF prevention filter. I went through th

Re: Help regarding CSRF Filter in Tomcat 7

2012-11-16 Thread Mark Thomas
On 16/11/2012 16:12, André Warnier wrote: > Mark Thomas wrote: >> On 16/11/2012 10:01, André Warnier wrote: >>> Vijaya Kumar wrote: Hi, I work on a web application that is vulnerable to CSRF(Cross Site Request Forgery) attack. Tomcat 7 has a CSRF prevention filter. I went through the

Re: Help regarding CSRF Filter in Tomcat 7

2012-11-16 Thread André Warnier
Mark Thomas wrote: On 16/11/2012 10:01, André Warnier wrote: Vijaya Kumar wrote: Hi, I work on a web application that is vulnerable to CSRF(Cross Site Request Forgery) attack. Tomcat 7 has a CSRF prevention filter. I went through the description to configure this filter. This filter expects tha

Re: Help regarding CSRF Filter in Tomcat 7

2012-11-16 Thread Mark Thomas
On 16/11/2012 10:01, André Warnier wrote: > Vijaya Kumar wrote: >> Hi, I work on a web application that is vulnerable to CSRF(Cross Site >> Request Forgery) attack. Tomcat 7 has a CSRF prevention filter. I went >> through the description to configure this filter. This filter expects >> that we call

Re: Help regarding CSRF Filter in Tomcat 7

2012-11-16 Thread Vijaya Kumar
Hi, Thanks a lot for the quick response. I have already gone through the suggestions given on Wikipedia. I found that the suggestions provided over there are not feasible in our application's context. Therefore, I am looking for an alternate way of preventing this attack. -Vijay >>> André

Re: Help regarding CSRF Filter in Tomcat 7

2012-11-16 Thread André Warnier
Vijaya Kumar wrote: Hi, I work on a web application that is vulnerable to CSRF(Cross Site Request Forgery) attack. Tomcat 7 has a CSRF prevention filter. I went through the description to configure this filter. This filter expects that we call HttpServletResponse#encodeRedirectURL(String) or Htt