Re: CORE-2010-1021: IBM WebSphere Application Server Cross-Site Request Forgery

0

Posted by Tyler Borland on Jun 19

I just saw this on reddit and have some questions that may answer my
question on why this took so long when tokens were implemented in other
areas of the product.

To start with, you seem to be able to disable three things. Application
security seems to be disabled by default and Java 2 Security would just
weaken certain points, if I have this correct due to IBM documentation.

The question I have is with the Administrative Security disablement….

Source: Re: CORE-2010-1021: IBM WebSphere Application Server Cross-Site Request Forgery

LAISSER UN COMMENTAIRE

S'il vous plaît entrez votre commentaire!
S'il vous plaît entrez votre nom ici

Notifiez-moi des commentaires à venir via e-mail. Vous pouvez aussi vous abonner sans commenter.

Ce site utilise Akismet pour réduire les indésirables. En savoir plus sur comment les données de vos commentaires sont utilisées.