
Does JSF 1.2 have built-in CSRF protection?

Developer https://www.devze.com 2023-01-22 01:50 Source: web

I have tested a JSF application with the CSRFtester tool, and the tool didn't report any CSRF problems. But I had read in the "OWASP_Top_10_2007_for_JEE.pdf" that all Java EE web application frameworks are vulnerable to CSRF, and some also say we need to create a secret key for each session and append it to the URL. By doing it this way we can secure our JSF application from CSRF attacks. This confuses me. I cannot find any clear documentation. Is JSF vulnerable to CSRF attacks? What is the right way to protect a JSF application from CSRF attacks? Please help me out!!

Thanks in Advance!!


Yes, JSF is vulnerable to CSRF. I implemented CSRF prevention token for my JSF 1.2 application just a few days ago.

Here's what you could use:

Tomcat CSRF Prevention Filter (find the source)

Another wonderful solution, can be easily implemented on JSF 1.2

I used the combination of two. Works well.
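
One way to implement the per-session secret token discussed above, as an added example (not the answerer's code and not Tomcat's filter): a servlet filter that issues a random token per session and rejects any POST that does not echo it back. The class name, the `csrfToken` attribute and field name, and the assumption that every form renders the token in a hidden field (rather than in the URL) are choices made for this example.

```java
import java.io.IOException;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.servlet.*;
import javax.servlet.http.*;

/** Hypothetical filter (added example): per-session CSRF token checked on every POST. */
public class CsrfTokenFilter implements Filter {
    // Assumed name, used for both the session attribute and the hidden form field.
    static final String TOKEN = "csrfToken";
    private final SecureRandom random = new SecureRandom();

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        HttpSession session = req.getSession(true);

        // Issue one unpredictable token per session (256 bits from a CSPRNG).
        String expected = (String) session.getAttribute(TOKEN);
        if (expected == null) {
            byte[] raw = new byte[32];
            random.nextBytes(raw);
            expected = new BigInteger(1, raw).toString(16);
            // Pages are assumed to copy this value into a hidden field in each form.
            session.setAttribute(TOKEN, expected);
        }

        // JSF postbacks are POSTs; reject any whose token is absent or wrong.
        if ("POST".equalsIgnoreCase(req.getMethod())) {
            String sent = req.getParameter(TOKEN);
            // MessageDigest.isEqual avoids leaking the match position through timing.
            if (sent == null || !MessageDigest.isEqual(
                    sent.getBytes("UTF-8"), expected.getBytes("UTF-8"))) {
                res.sendError(HttpServletResponse.SC_FORBIDDEN, "Invalid CSRF token");
                return;
            }
        }
        chain.doFilter(req, res);
    }
}
```

Reading a parameter in a filter fixes the request character encoding before JSF sets it, so set the encoding earlier in the chain if forms carry non-ASCII input. Multipart uploads are not parsed by `getParameter` on older servlet containers and need the token read by the upload parser instead.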
