]> granicus.if.org Git - apache/commit
projects / apache / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b0269d6) | patch
Prevent CSRF attacks against the balancer-manager (CVE-2007-6420)
authorJoe Orton <jorton@apache.org>
Fri, 30 May 2008 11:49:31 +0000 (11:49 +0000)
committerJoe Orton <jorton@apache.org>
Fri, 30 May 2008 11:49:31 +0000 (11:49 +0000)
commit4a375eff2269d4a6178997a91c22116b3df5c272
tree723f84495e3ab533694f3a4fcf1056fc8ac17de1tree | snapshot
parentb0269d681d9fbd7931566ce927707b28ec475c98commit | diff
Prevent CSRF attacks against the balancer-manager (CVE-2007-6420)

* modules/proxy/mod_proxy_balancer.c (balancer_init): New function.
  (balancer_handler): Place a nonce in the form output, and check that
  the submitted form data includes that nonce.
  (ap_proxy_balancer_register_hook): Register the new post_config hook.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@661666 13f79535-47bb-0310-9956-ffa450edef68
CHANGES diff | blob | history
modules/proxy/mod_proxy_balancer.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.