Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Shyam Ranjan (RANJANS2)
JP Morgan Chase
Shyam Ranjan
JP Morgan Chase
US
RANJANS2 Member since 2007 3 posts
JP Morgan Chase
Posted: Apr 7, 2017
Last activity: Apr 11, 2017
Posted: 7 Apr 2017 13:47 EDT
Last activity: 11 Apr 2017 16:40 EDT
Closed

Preventing Request based CSRF attack

All,

I know,we have a way to avoid session based CSRF attack , using the dynamic system settings as mentioned in this url:-

https://pdn.pega.com/configuring-csrf-protection/configuring-csrf-protection

But,i have been challenged with an issue related to request based attack, do not see any option in pega 7.1.9 to configure it.As usual,when raised a support request,they opened an enhancement request-again that will be for future version. Checking to see,if you guys have fixed this on your own.if yes,how?

***Updated by Moderator: Marissa to add SR Exists group tag***

To see attachments, please log in.
Security
Support Case Exists

Posted: 7 years ago
Posted: 11 Apr 2017 16:40 EDT
Marissa Rogers (MarissaRogers)
MOD
Principal Knowledge Management Specialist
Pegasystems Inc.
US

Hi RanjanS,

Here are a couple of items that may help you with your questions.

Cross site request forgery (CSRF)

SECU0008 alert: Cross-site forgery attack detected and blocked

Hoping that those can help you while we wait for the Community to input their own findings.

Thanks!

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice