Loading...

XML

Word

Printable

Details

Type: Improvement
Resolution: Unresolved
Priority: Minor
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Description

implement the org.owasp.csrfguard.token.storage.TokenHolder interface described here:

https://github.com/aramrami/OWASP-CSRFGuard/blob/master/csrfguard/src/main/resources/csrfguard.properties

Note, we dont need page level tokens, just the session tokens. Still store in memory too. Periodically purge the database table.

Explore hashing the tokens and session keys to see if that can work to not let the DB be a vector for session hacking...

Attachments

Activity

People

Assignee:: Chris Hyzer (upenn.edu)

Reporter:: Chris Hyzer (upenn.edu)

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 12/Jan/23 6:18 PM

Updated:: 12/Jan/23 6:18 PM