Mercurial > hg > orthanc-book
changeset 289:9223c3f26c1a
csrf
| author | Sebastien Jodogne <s.jodogne@gmail.com> |
|---|---|
| date | Mon, 30 Sep 2019 21:31:08 +0200 |
| parents | 2e71e7cc0ec5 |
| children | 6cbcdb965ad3 |
| files | Sphinx/source/faq/security.rst |
| diffstat | 1 files changed, 8 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/Sphinx/source/faq/security.rst Tue Sep 24 17:57:27 2019 +0200 +++ b/Sphinx/source/faq/security.rst Mon Sep 30 21:31:08 2019 +0200 @@ -100,9 +100,14 @@ user that runs Orthanc. * Consider implementing a :ref:`higher-level application - <improving-interface>` (e.g. in PHP) that takes care of user - authentication/authorization, and that is the only one to be - allowed to contact the Orthanc REST API. + <improving-interface>` (e.g. in PHP, Java, Django...) that takes + care of user authentication/authorization, and that is the only one + to be allowed to contact the Orthanc REST API. In particular, you + must create a higher-level application so as to properly deal with + `CSRF attacks + <https://en.wikipedia.org/wiki/Cross-site_request_forgery>`__: + Indeed, as explained in the introduction, Orthanc is a microservice + that is designed to be used within a secured environment. * For advanced scenarios, you might have interest in the :ref:`advanced authorization plugin <authorization>`. Similarly,