Blog Archive for swchan2 during May 2011

Cross-site request forgery (CSRF) is an attack that exploits the trust a site places in a user's browser. For example, a user may be tricked into invoking a URL that performs a bank transaction, either by clicking the URL or by loading it through an <img> tag. In GlassFish 3.1.1, there is a CSRF prevention filter, org.apache.catalina.filters.CsrfPreventionFilter, which is based on Tomcat 7. The...