
This section describes how to secure a Digizuite installation using cross-site request forgery (CSRF) protection.

Recommendation

Digizuite is recommended to have CSRF setup in order to <TODO: WRITE MORE TEXT

Digizuite DAM Center

CSRF is configured in the Digizuite DamCenter web.config file:

<add key="CSRFTokenPepper" value="random_string_at_least_10_characters_long" />

Random string used when generating the cryptographic CSRF token. The install script generates this value if it is missing.

<add key="CSRFTokenPepperCookie" value="another_random_string_at_least_10_characters_long" />

Random string used when generating the cryptographic CSRF token. The install script generates this value if it is missing. If these strings are changed, existing sessions must log in again.

<add key="CSRFDisabled" value="true" />

If this setting is added, CSRF protection is disabled. It is enabled by default.

Remark

Browsers may be forced to log in again if the browser loses the X-CSRF-Token due to a page refresh.
