csrf for JForum without javascript

Main menu:

Topics

Recent Posts

Feeds

RSS Feed RSS - Posts

March 2013
M T W T F S S
« Feb   Apr »
 123
45678910
11121314151617
18192021222324
25262728293031

Past Posts

Java/Java EE

JDBC

Other

Archive for March, 2013

csrf for JForum without javascript

March 23rd, 2013 by Jeanne Boyarsky

In February, I wrote a three part series on how we fixed JForum on coderanch to protect from CSRF. ¬†In included; Analysis Extending OWASP Problems Remaining problems Unfortunately, there were three remaining problems. Some mobile devices weren’t able to handle the JavaScript which added the tokens. ¬†Meaning our site didn’t work on all mobile devices. […]