Avaya Aura Orchestration Designer » Updated RuntimeConfig Admin App That Resolves CSRF and XSS Security Issues

WilsonYu



Joined: 06/11/2013 14:29:24
Messages: 3226
Offline

If you have security concerns about CSRF and XSS attacks on the RuntimeConfig Admin app running on Tomcat, you should apply the updated version of the web app attached in this post. To apply, please follow the steps below:

1. Remove the existing Runtimeconfig app from the app server.
2. Redeploy runtimeconfig.war from this attachment.

Filename: runtimeconfig.war
Filesize: 4374 Kbytes
Downloaded: 251 time(s)

This message was edited 2 times. Last update was at 17/08/2018 23:33:46

gprada@avaya.com



Joined: 20/03/2018 12:10:40
Messages: 5
Offline

Hi Wilson,

Would you be so kind as to provide the runtimeconfig fixed version for WebSphere? We are currently facing this problem. In case you need it, here is our dev environment info:

OD 7.2.0.0904
JDK 1.8.0_172

Thanks!
WilsonYu



Joined: 06/11/2013 14:29:24
Messages: 3226
Offline

We don't intend to provide a solution for WebSphere. It is NOT feasible to do so. WebSphere always has its own way of doing things. Keep in mind that this is just a regular application running on the platform. Customers should follow WebSphere's guidelines or methods on how to secure them.
 
 