csrf for JForum without javascript

Main menu:

Topics

Recent Posts

Feeds

RSS Feed RSS - Posts

March 2013
M T W T F S S
« Feb   Apr »
 123
45678910
11121314151617
18192021222324
25262728293031

Past Posts

Java/Java EE

JDBC

Other

Archive for March, 2013

csrf for JForum without javascript

March 23rd, 2013 by Jeanne Boyarsky

In February, I wrote a three part series on how we fixed JForum on coderanch to protect from CSRF.  In included; Analysis Extending OWASP Problems Remaining problems Unfortunately, there were three remaining problems. Some mobile devices weren’t able to handle the JavaScript which added the tokens.  Meaning our site didn’t work on all mobile devices. […]