Watson Supply Chain Ideas


CSRF Token displayed in URL

We have observed that when we log on to Sterling Integrator through the browser portal, the URL displays the CSRF securetoken for that particular session. When a correct user login credential is submitted to the SI web server, the sequence of web "GET" requests is submitted from the user workstation to the SI web servers. When a request is submitted to /user/CSRFInfo, it returns a securetoken. This securetoken serves as a CSRF token to mitigate Cross-Site Request Forgery.

Our internal audit has identified this as a concern on security grounds.


We request you to modify the product so that it doesn't display this token information in the URL, please.
  • Guest
  • Dec 19 2017
What is the idea priority? Low
DeveloperWorks ID DW_ID97800
RTC ID RTC_ID522198
Link to original RFE http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=97800
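
An added example, not part of the original submission and not product code: a token carried in the URL is written to web access logs and sent on in `Referer` headers, so this sketch finds and masks it in Combined Log Format lines. It assumes the token appears as a query parameter named `securetoken`; the `/dashboard` and `/static/app.css` paths, the host name and the log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

TOKEN_PARAM = "securetoken"  # assumed query-parameter name (the page names only the token)

# Combined Log Format: client, identity, user, time, request line, status, size, referer, agent
LOG_RE = re.compile(
    r'^(?P<pre>\S+ \S+ \S+ \[[^\]]+\] ")(?P<method>\S+) (?P<url>\S+) (?P<proto>[^"]+)'
    r'(?P<mid>" \d{3} \S+ ")(?P<referer>[^"]*)(?P<post>" "[^"]*")$'
)

def redact_url(url):
    """Return (url_with_token_masked, found)."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    if not any(k.lower() == TOKEN_PARAM for k, _ in pairs):
        return url, False
    masked = [(k, "REDACTED" if k.lower() == TOKEN_PARAM else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(masked))), True

def scan_line(line):
    """Return (redacted_line, locations); locations lists 'request' and/or 'referer'."""
    m = LOG_RE.match(line)
    if not m:
        return line, []  # unparsed lines are passed through unchanged
    url, in_url = redact_url(m["url"])
    ref, in_ref = redact_url(m["referer"])
    locations = [name for name, hit in (("request", in_url), ("referer", in_ref)) if hit]
    redacted = f'{m["pre"]}{m["method"]} {url} {m["proto"]}{m["mid"]}{ref}{m["post"]}'
    return redacted, locations

# Constructed sample log lines (not captured from a real system)
SAMPLE_LOG = [
    '192.0.2.10 - alice [19/Dec/2017:10:00:00 +0000] "GET /user/CSRFInfo HTTP/1.1" 200 64 "-" "Mozilla/5.0"',
    '192.0.2.10 - alice [19/Dec/2017:10:00:01 +0000] "GET /dashboard?securetoken=CONSTRUCTED-TOKEN-1&tab=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.10 - alice [19/Dec/2017:10:00:02 +0000] "GET /static/app.css HTTP/1.1" 200 90 '
    '"https://si.example.test/dashboard?securetoken=CONSTRUCTED-TOKEN-1" "Mozilla/5.0"',
]

def scan_log(lines):
    """Scan every line; returns a list of (redacted_line, locations)."""
    return [scan_line(line) for line in lines]

if __name__ == "__main__":
    for redacted, locations in scan_log(SAMPLE_LOG):
        print(locations or ["clean"], redacted)
```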