Hi Alex,
On Sep 15, 2010, at 8:00 PM, abusenius (SVN) wrote:
Author: abusenius
Date: 2010-09-15 20:00:02 +0200 (Wed, 15 Sep 2010)
New Revision: 31124
Modified:
platform/xwiki-tools/trunk/xwiki-configuration-resources/src/main/resources/xwiki.properties.vm
Log:
XWIKI-5461: Added configuration for CSRF protection
Modified:
platform/xwiki-tools/trunk/xwiki-configuration-resources/src/main/resources/xwiki.properties.vm
===================================================================
---
platform/xwiki-tools/trunk/xwiki-configuration-resources/src/main/resources/xwiki.properties.vm 2010-09-15
17:59:36 UTC (rev 31123)
+++
platform/xwiki-tools/trunk/xwiki-configuration-resources/src/main/resources/xwiki.properties.vm 2010-09-15
18:00:02 UTC (rev 31124)
@@ -267,3 +267,23 @@
#crypto.passwd.keyDerivationFunctionPropertiesForPasswordVerification =
millisecondsOfProcessorTimeToSpend = 200
#crypto.passwd.keyDerivationFunctionPropertiesForPasswordVerification =
numberOfKilobytesOfMemoryToUse = 1024
#crypto.passwd.keyDerivationFunctionPropertiesForPasswordVerification = derivedKeyLength
= 32
+
+#-------------------------------------------------------------------------------------
+# CSRF token component
+#-------------------------------------------------------------------------------------
+
+#-# [Since 2.5M2]
+#-# Controls whether secret token validation mechanism should be used (to prevent CSRF
attacks).
+#-#
+#-# If enabled, all actions requiring "comment", "edit",
"delete", "admin" or "programming" rights
+#-# will check that the parameter "form_token" with the value of a random
secret token is present
+#-# in the request.
+#-# This feature requires CSRFToken component.
I think we could remove this last sentence since the CSRFToken component is bundled with
the platform and this message will probably confuse the user who's not going to know
how to check if he has this component or not. It'll make him/her ask himself
questions, which we don't want IMO.
+#-#
+#-# Valid values:
+#-# 0: Disabled
+#-# 1: Enabled
+#-#
+#-# Default value is 0
+# core.csrftoken.enabled = 0
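Review bot: the comment block for `core.csrftoken.enabled` documents the on/off switch but not what validation does when `form_token` is missing or wrong (whether the request is rejected outright or the user is asked to confirm and resubmit), nor whether the random secret token is bound to the user's session; an administrator deciding whether to enable this needs both, so suggest adding a line after `+#-# in the request.` that states the failure behaviour and the token scope. Note also that with the property commented out and `Default value is 0`, CSRF protection is opt-in; if the plan is to ship it enabled once the implementation is complete, say so in the comment so that deployments written against this revision do not keep relying on `0` as the long-term default.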
I guess we're going to turn it on by default when the implementation is finished?
Thanks
-Vincent