grouper-dev - RE: [grouper-dev] HTTP Data Integrity Validator
Subject: Grouper Developers Forum
List archive
- From: Chris Hyzer <>
- To: "William G. Thompson, Jr." <>, Grouper Dev <>
- Subject: RE: [grouper-dev] HTTP Data Integrity Validator
- Date: Fri, 27 Sep 2013 09:24:14 -0400
- Importance: normal
That looks like an interesting product, thanks. We have a home grown version of this at Penn and although it is more secure, there are usability tradeoffs with the back button, bookmarks, opening links in new tabs, ajax, implications with clustering. Etc... not sure if all of these apply to this product. I think if you validate when you display the page and validate when submitting, use bind variables, and handle csrf, you should be ok. If there is a security risk not handled that this addresses let me know
Thanks!
Chris
-------- Original message --------
From: "William G. Thompson, Jr." <>
Date: 09/27/2013 9:01 AM (GMT-05:00)
To: Grouper Dev <>
Subject: [grouper-dev] HTTP Data Integrity Validator
Given the security discussions lately, thought this might be of interested:
http://hdiv.org/index.htm
I haven't used this on any project, but briefly looking through the
docs it looks fairly impressive.
Best,
Bill
- [grouper-dev] HTTP Data Integrity Validator, William G. Thompson, Jr., 09/27/2013
- <Possible follow-up(s)>
- RE: [grouper-dev] HTTP Data Integrity Validator, Chris Hyzer, 09/27/2013
Archive powered by MHonArc 2.6.16.