
Magento Forum

CSRF Vulnerability in Web Applications (and how to avoid it in the Magento Admin)
 
RoyRubin
Enthusiast
 
Total Posts:  968
Joined:  2007-08-07
Los Angeles, CA
 

In a recent blog post on artisansystem.com there is a description of a hypothetical CSRF attack on a Magento admin. It is important to note that for this attack to be possible, the attacker must know the admin path (frontName). If this is unknown to the attacker, the attack will result in a noroute and will not cause any harm.

Read More on the Magento Blog

 
 
Turnkeye
Enthusiast
 
Total Posts:  908
Joined:  2008-12-20
URL: turnkeye.com
 

Should it be done after the installation? Do you plan to add this option right into the installation wizard?

 
 
Uniquesone
Sr. Member
 
Total Posts:  220
Joined:  2009-03-14
 

It is already integrated

 
 
lurebeauty
Sr. Member
 
Total Posts:  229
Joined:  2009-07-06
 

Thank you! This was a piece of cake :)

 
 
Michael_1
Enthusiast
 
Total Posts:  826
Joined:  2007-08-31
 
jshpro2 - 19 November 2009 02:58 PM

Security through obscurity eh? Why not fix the actual problem.

Please upgrade your installation. The issue was fixed a long time ago.

 