
    Clickjacking

    Has anyone here had any experience with the Clickjacking vulnerability?

    I was wondering if there is a SmartGWT fix for it? Or is it handled at the server level?

    We are using JBoss and Firefox.

    #2
    "Clickjacking" is a general term for a category of attacks - it's like saying "buffer overflow" or "man in the middle".

    Is there a specific exploit scenario you are worried about?



      #3
      https://www.owasp.org/index.php/Clickjacking



        #4
        Yes, that again is a generic description of a broad method of attack - with which we are very, very familiar. Multiple staff and founders at Isomorphic have prior careers in network security, so we have no need to be directed to the first Google hit for Clickjacking, thank you :)

        So again, is there a specific exploit scenario you are concerned about?



          #5
          Does SmartGWT have the capability to return the X-Frame-Options HTTP header with a page's response to prevent the page's content from being rendered by another site when using the frame or iframe HTML tags?



            #6
            Whether using SmartGWT or not, you would do this in the same way: as settings on your webserver or as a Servlet Filter on your application server.
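
One way to do what post #6 describes, as an added example that is not part of the original thread and not Isomorphic's code: a Servlet Filter that sets X-Frame-Options on every response. The class name `FrameOptionsFilter` and the `policy` init parameter are assumptions, and the code uses the `javax.servlet` API (newer containers use `jakarta.servlet` instead).

```java
import java.io.IOException;
import java.util.Locale;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter: map it to /* with <filter> and <filter-mapping> in web.xml.
// Optional init-param "policy" (assumed name) accepts DENY or SAMEORIGIN.
public class FrameOptionsFilter implements Filter {
    // SAMEORIGIN still lets the application frame its own pages.
    private String policy = "SAMEORIGIN";

    @Override
    public void init(FilterConfig config) throws ServletException {
        String configured = config.getInitParameter("policy");
        if (configured == null) {
            return;
        }
        String value = configured.trim().toUpperCase(Locale.ROOT);
        // Fail deployment on a typo instead of sending a value browsers ignore.
        if (!value.equals("DENY") && !value.equals("SAMEORIGIN")) {
            throw new ServletException("Unsupported X-Frame-Options: " + configured);
        }
        policy = value;
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (res instanceof HttpServletResponse) {
            HttpServletResponse http = (HttpServletResponse) res;
            // Set before the chain runs: headers added after commit are dropped.
            http.setHeader("X-Frame-Options", policy);
            // Standardized equivalent (CSP frame-ancestors) for current browsers.
            http.addHeader("Content-Security-Policy",
                    "DENY".equals(policy) ? "frame-ancestors 'none'" : "frame-ancestors 'self'");
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {
    }
}
```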
