Uploaded image for project: 'Pentaho BA Platform'
  1. Pentaho BA Platform
  2. BISERVER-6599

Upgrade to Tomcat 7, and incorporate the CSRF prevention filter

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Severity: High
    • Resolution: Duplicate
    • Affects Version/s: 4.0.0 GA (4.0.0 GA Suite Release)
    • Fix Version/s: 5.1.0 Backlog
    • Component/s: None
    • Labels:
      None
    • Notice:
      When an issue is open, the "Fix Version/s" field conveys a target, not necessarily a commitment. When an issue is closed, the "Fix Version/s" field conveys the version that the issue was fixed in.

      Description

      We're regularly getting inquiries about our Cross-Site Request Forgery prevention measures. Tomcat 7 has introduced a CSRF filter that can be included/used in the Pentaho webapp that will prevent CSRF. See http://www.tomcatexpert.com/blog/2011/05/09/cross-site-request-forgery

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              mbatchelor Marc Batchelor (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: