Is there any tutorial or documentation about implementing CSRF Protection in LiveSite?
I am using LiveSite 7.3.0.
I hope some expert can help me.
Thanks,
Herry
There isn't, as that's kinda beyond the bounds of rendering web content. That said, given that it runs on Spring, you could probably find yourself a framework for this that integrates fairly well with it.
But the big question is, what are you doing with LiveSite that would even require such a thing?
Thanks for the reply rpoulin.
I need this because the company has a security policy: all public web sites need to prevent CSRF attacks.
I already searched on Google, but there is nothing I can do in LiveSite.
I read https://www.owasp.org/index.php/CSRFGuard_3_User_Manual, but I cannot implement that because LiveSite cannot add a JSP taglib in *.page.
If somebody knows how to add a taglib in .page, it would be helpful for me.
Best regards & thanks,
You can't add a taglib within a .page. If anything, you'd be looking for something packaged as a Servlet Filter.
That said, your blanket security policy is nonsensical. It only makes sense to talk about CSRF if there's actually something to be gained by hijacking someone's session. In vanilla LiveSite, all you have is read-only web content so it's CSRF-resistant in that hacking the session token gets you nowhere.
If you were integrating with e-commerce or portal tools, then maybe there's something to think about (although that's really the third-party tool's business), which is why I'm asking what you're doing with LiveSite.
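To illustrate the Servlet Filter route mentioned in the reply above, here is an added example that is not part of the thread and is neither LiveSite nor CSRFGuard code. It swaps CSRFGuard's token approach for a source-origin check, which needs no taglib or markup change in a .page; the class name OriginCheckFilter and the allowedOrigins init-param are assumptions, and it targets the javax.servlet API.

```java
import java.io.IOException;
import java.net.URI;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: rejects state-changing requests not sent from an allowed origin. */
public class OriginCheckFilter implements Filter {
    private static final Set<String> SAFE_METHODS =
            new HashSet<String>(Arrays.asList("GET", "HEAD", "OPTIONS", "TRACE"));
    private final Set<String> allowedOrigins = new HashSet<String>();

    public void init(FilterConfig cfg) throws ServletException {
        // Assumed init-param: comma-separated origins, no trailing slash,
        // e.g. "https://www.example.com" (constructed value).
        String param = cfg.getInitParameter("allowedOrigins");
        if (param == null || param.trim().isEmpty()) {
            throw new ServletException("allowedOrigins init-param is required");
        }
        for (String o : param.split(",")) {
            allowedOrigins.add(o.trim().toLowerCase(Locale.ROOT));
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // Read-only methods pass; anything else must come from an allowed origin.
        if (SAFE_METHODS.contains(request.getMethod())
                || allowedOrigins.contains(sourceOrigin(request))) {
            chain.doFilter(req, res);
            return;
        }
        ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
    }

    /** Origin header if present, else scheme://host[:port] of Referer, else null. */
    static String sourceOrigin(HttpServletRequest request) {
        String origin = request.getHeader("Origin");
        if (origin != null && !origin.isEmpty()) return origin.toLowerCase(Locale.ROOT);
        String referer = request.getHeader("Referer");
        if (referer == null) return null;
        try {
            URI u = URI.create(referer);
            if (u.getScheme() == null || u.getHost() == null) return null;
            String port = u.getPort() == -1 ? "" : ":" + u.getPort();
            return (u.getScheme() + "://" + u.getHost() + port).toLowerCase(Locale.ROOT);
        } catch (IllegalArgumentException e) { return null; }  // malformed Referer
    }

    public void destroy() { }
}
```

The filter would be declared in the web application's web.xml with a filter-mapping covering the URLs that accept form posts. A POST carrying neither an Origin nor a Referer header is rejected, as is an Origin of "null", since neither can match the allow-list.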
Hi, thanks for the reply,
Okay, I will discuss with my IT security about this policy.
Thanks for your explanation.
Best Regards,