[GeoNetwork-devel] CSRF attacks

Hello,

Does anyone have a good idea how to deal with CSRF attacks in GeoNetwork?

It was inconclusively discussed today in IRC (http://irclogs.geoapt.com/geonetwork/%23geonetwork.2012-10-02.log, from 10:25).

thanks and kind regards
Heikki Doeleman

Would enabling ssh help the issue?

I just checked Wikipedia; it has some suggestions: http://en.wikipedia.org/wiki/Cross-site_request_forgery

I also wonder what implications the change to Spring Security will have. It should help for some cases, but I think that we may need to look at some of the suggestions on Wikipedia.

Jesse

On Tue, Oct 2, 2012 at 12:53 PM, heikki <tropicano@anonymised.com> wrote:

Hello,

Does anyone have a good idea how to deal with CSRF attacks in GeoNetwork?

It was inconclusively discussed today in IRC (http://irclogs.geoapt.com/geonetwork/%23geonetwork.2012-10-02.log, from 10:25).

thanks and kind regards
Heikki Doeleman



GeoNetwork-devel mailing list
GeoNetwork-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-devel
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork