Anti-CSRF token (instance security hardening)

Use the glide.security.use_csrf_token property to ensure the use of a secure token to identify and validates incoming requests, which in turn are used to prevent these attacks.

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request.

The following properties can be enabled for added controls over CSRF token:

glide.security.csrf_previous.time_limit
glide.security.csrf_previous.allow
glide.security.csrf.strict.validation.mode

More information


Attribute	Description
Property name	glide.security.use_csrf_token
Configuration type	System Properties (/sys_properties_list.do)
Configure in Instance Security Center	Yes
Purpose	To protect the application from potential CSRF attack.
Recommended value	true
Functional impact	(Low) This remediation enables an extra validation step before the instance user submits a write request to the instance. Every write request contains a CSRF token (i.e a validation/CSRF ID tied to the user session). When the user session expires, the secure token expires with it.
Security risk	(High) Cross Site Request Forgery is a significant security risk that violates the integrity of the instance data. An attacker can launch the CSRF attack by abusing the trust of an instance user. With the help of social engineering attacks, a user can submit a malformed request on behalf of the attacker on the instance.

To learn more about adding or creating a system property, see Add a system property.

Anti-CSRF token (instance security hardening)

Use the glide.security.use_csrf_token property to ensure the use of a secure token to identify and validates incoming requests, which in turn are used to prevent these attacks.

The following properties can be enabled for added controls over CSRF token:

glide.security.csrf_previous.time_limit
glide.security.csrf_previous.allow
glide.security.csrf.strict.validation.mode

More information


Attribute	Description
Property name	glide.security.use_csrf_token
Configuration type	System Properties (/sys_properties_list.do)
Configure in Instance Security Center	Yes
Purpose	To protect the application from potential CSRF attack.
Recommended value	true
Functional impact	(Low) This remediation enables an extra validation step before the instance user submits a write request to the instance. Every write request contains a CSRF token (i.e a validation/CSRF ID tied to the user session). When the user session expires, the secure token expires with it.
Security risk	(High) Cross Site Request Forgery is a significant security risk that violates the integrity of the instance data. An attacker can launch the CSRF attack by abusing the trust of an instance user. With the help of social engineering attacks, a user can submit a malformed request on behalf of the attacker on the instance.

To learn more about adding or creating a system property, see Add a system property.

How search works:

Topics are ranked in search results by how closely they match your search terms

Anti-CSRF token

Anti-CSRF token (instance security hardening)

More information

On this page

Anti-CSRF token

Anti-CSRF token (instance security hardening)

More information

Log in to personalize your search results and subscribe to topics