Home » Liferay Portal » English » 3. Development

Combination View Flat View Tree View
Threads [ Previous | Next ]
Charu Babbar
security issues
May 13, 2012 11:26 AM

Charu Babbar

Rank: Regular Member

Posts: 167

Join Date: September 13, 2011

Recent Posts

I have 3 issues:

1.t is possible to view the contents of the authenticated pages by fetching the page from the cache memory option of the browser.
2.No client or server side input validation has been implemented. This may lead to the Cross-Site Scripting attack
3.Segregation of user authenticated pages is not done.

Plz tell me all 3 questions answer if anybody has some what knoweledge about these issues?


With regards
charu babbar
Amos Fong
RE: security issues
May 14, 2012 11:45 PM

Amos Fong


Rank: Liferay Legend

Posts: 1899

Join Date: October 7, 2008

Recent Posts

Hi Charu,

1. There is property I think can handle this:

 2## Browser Cache
 5    #
 6    # Set this to true if you want the portal to force the browser cache to be
 7    # disabled. It will only disable the cache for the rendered HTML response
 8    # It will not have an impact on static content or other resources.
 9    #
10    browser.cache.disabled=false
12    #
13    # Set this true if you want to disable the cache for authenticated users.
14    # This property is not read when the property
15    # "" is true. This is useful to ensure that
16    # authenticated users cannot go to the sign in page by clicking on the back
17    # button in their browsers.
18    #

2. All user input that is outputted should be properly escaped. However if you also want to validate user input, you can look into the antisamy sanitizer hook

3. Not sure what you mean here. Can you elaborate?