eZ Community » Forums » General » csrf issue
expandshrink

csrf issue

csrf issue

Thursday 25 October 2012 4:47:02 pm - 1 reply

Hi,

I did a security scan on my local installation (2012.6) recently and got some csrf positives, concerning the form actions content/search, content/advancedsearch, content/action and user/register .

Depending on the security scanner in use, the issue is marked "severity: high" or "low risk".

The request for unique tokens comes up frequently. Up to now I could not find any "official" statements from ez developers. Would be nice to know if there are any protective measures against csrf planned in future releases of eZ Publish.

Thanks.

Thursday 25 October 2012 5:07:19 pm

Hi Horst,

Please checkout http://doc.ez.no/eZ-Publish/Technical-manual/4.6/Features/eZ-Form-token-extension

expandshrink

You must be logged in to post messages in this topic!

36 542 Users on board!

Forums menu

Proudly Developed with from