Preventing Cross-Site Request Forgery Attacks
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated. To prevent such attacks, add the following properties to the security.properties file:
mks.security.web.csrfEnabled=false
Setting this property to true enables the CSRF attack prevention mechanism in a Windchill RV&S web application. Any unwanted request to the web application is denied if the additional security checks fail.
mks.security.web.csrfNonceCacheSize=50
Sets the number of previously issued CSRF tokens that are cached on an LRU (Least Recently Used) basis so that parallel requests can be made to a Windchill RV&S web application.
This value specifies the number of parallel requests the server can handle. To allow multiple parallel requests, an administrator should adjust this number accordingly. Configure this property with a number that ensures requests coming from all the Windchill RV&S web interfaces are fulfilled. The default value of this property is 50.
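The effect of the cache size on parallel requests can be seen in a small model. This is an added example, not PTC's code or part of the original page: the class and function names are hypothetical, and it assumes that a token stays valid until it is evicted and that a successful check refreshes its position in the LRU order.

```python
import secrets
from collections import OrderedDict

DEFAULT_CACHE_SIZE = 50  # same value as the documented default


class NonceCache:
    """Hypothetical model of an LRU cache of issued CSRF tokens (not PTC code)."""

    def __init__(self, size=DEFAULT_CACHE_SIZE):
        if size < 1:
            raise ValueError("cache size must be at least 1")
        self.size = size
        self._tokens = OrderedDict()  # oldest entry first, newest last

    def issue(self):
        """Issue a fresh token; evict the least recently used one when full."""
        token = secrets.token_urlsafe(32)
        self._tokens[token] = True
        while len(self._tokens) > self.size:
            self._tokens.popitem(last=False)
        return token

    def validate(self, presented):
        """Accept a request only if its token is still cached."""
        if not presented or presented not in self._tokens:
            return False  # missing, forged, or already evicted token
        self._tokens.move_to_end(presented)  # assumption: a hit refreshes recency
        return True


def rejected_submissions(cache_size, open_pages):
    """Issue one token per open page, then submit them all; count rejections."""
    cache = NonceCache(cache_size)
    tokens = [cache.issue() for _ in range(open_pages)]
    return sum(1 for token in tokens if not cache.validate(token))


if __name__ == "__main__":
    for pages in (50, 60):  # constructed workloads
        print(pages, "parallel requests ->",
              rejected_submissions(DEFAULT_CACHE_SIZE, pages), "rejected")
```

In this model, 60 outstanding tokens against a cache of 50 leave the 10 oldest rejected, which is the symptom of a cache size set too low for the number of parallel requests.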