GWT and XSRF Protection

I am considering possible solutions to protect my GWT application from XSRF.

If I understand the GWT solution correctly, it provides an accessible servlet that you use to create a token on the client side (when calling your RPC endpoint) and to check on the server side (when the call gets into your service).

Does this solution only support RPC calls? Of course, we need it to cover all user requests to the server.

Are there any other recommended XSRF solutions (I am also looking at OWASP CSRFGuard)?

+7
1 answer

I modified the GWT sample application to protect against XSRF. This solution is loosely based on the solution presented in the GWT developer docs. http://code.google.com/p/xsrf-safe/

+5
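
The question asks about covering every request rather than only RPC calls. The sketch below is an added example, not code from the post, from xsrf-safe or from GWT: it shows a session-bound token that can be checked for any state-changing request regardless of transport. The class name, method names and sample session IDs are hypothetical, and it assumes the token is delivered to the client after login and sent back in a request header or form field that a servlet filter passes to `allow`.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Set;

/** Hypothetical helper: XSRF token bound to the session ID with a server-side secret. */
public class SessionBoundXsrfToken {
    // Methods treated as read-only; handlers for these must not change state.
    private static final Set<String> SAFE_METHODS = Set.of("GET", "HEAD", "OPTIONS");
    private final SecretKeySpec key;

    public SessionBoundXsrfToken(byte[] serverSecret) {
        this.key = new SecretKeySpec(serverSecret, "HmacSHA256");
    }

    /** Token = HMAC-SHA256(serverSecret, sessionId), URL-safe Base64 encoded. */
    public String issue(String sessionId) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(key);
            byte[] tag = mac.doFinal(sessionId.getBytes(StandardCharsets.UTF_8));
            return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("HmacSHA256 unavailable", e);
        }
    }

    /** Decision a filter would make for every request, RPC or not. */
    public boolean allow(String method, String sessionId, String presentedToken) {
        if (SAFE_METHODS.contains(method)) return true;
        if (sessionId == null || presentedToken == null) return false;
        byte[] expected = issue(sessionId).getBytes(StandardCharsets.UTF_8);
        byte[] actual = presentedToken.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, actual); // constant-time comparison
    }

    public static void main(String[] args) {
        byte[] secret = new byte[32];
        new SecureRandom().nextBytes(secret);
        SessionBoundXsrfToken xsrf = new SessionBoundXsrfToken(secret);
        String sessionA = "constructed-session-A"; // constructed sample values
        String sessionB = "constructed-session-B";
        String tokenA = xsrf.issue(sessionA);
        System.out.println("same session:    " + xsrf.allow("POST", sessionA, tokenA));
        System.out.println("other session:   " + xsrf.allow("POST", sessionB, tokenA));
        System.out.println("token missing:   " + xsrf.allow("POST", sessionA, null));
        System.out.println("read-only (GET): " + xsrf.allow("GET", sessionA, null));
    }
}
```

Because the token is derived from the session ID, nothing extra has to be stored server-side, and a token issued for one session fails validation under any other.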