This post goes through how we fixed CSRF (cross-site request forgery) in JForum, the issues we encountered, and our approach. It is useful reading for anyone who needs to protect against CSRF on their website.

Background

Stock JForum has a number of security vulnerabilities. We’ve fixed a lot of the XSS ones. We hadn’t fixed CSRF as [...]