eG Administration

Security Filters

This page appears when you click the Security Filters option under the Account Security node of the MANAGER SETTINGS tree, reached through the menu sequence Admin -> Settings -> Manager.

Cross-site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application to which the user is currently authenticated. A successful CSRF exploit can compromise end user data and may allow an attacker to hijack the account, thus compromising the entire web application. Likewise, SQL injection and cross-site scripting (XSS) attacks may also compromise web applications.

In highly secure environments, or where the eG manager is made accessible on the public Internet, it is essential to counter these attacks and enhance the security of the eG manager. To do so, set the Enable Security Filters flag to Yes. By default, this flag is set to No. If this flag is set to Yes and you click the Update button, then whenever the eG manager application receives a request it verifies that an anti-CSRF token exists in the request and that the token matches the user's current token. If either check fails, the eG manager rejects the request.
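The two checks described above (token present, token equal to the user's current token) are shown here as a small request filter. This is an added illustration and not eG's own code; the header name X-CSRF-Token, the form field csrf_token, the Session and Request classes and the sample values are all assumptions constructed for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Tuple


@dataclass
class Session:
    """Server-side session for one authenticated user (constructed for the example).
    A fresh random token is minted when the session is created."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Minimal stand-in for an HTTP request: method, headers, form fields, session."""
    method: str
    headers: Dict[str, str]
    form: Dict[str, str]
    session: Session


# Read-only methods do not change state, so they are not CSRF targets.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
TOKEN_HEADER = "X-CSRF-Token"   # hypothetical header name
TOKEN_FIELD = "csrf_token"      # hypothetical form field name


def csrf_filter(request: Request, enabled: bool = True) -> Tuple[bool, str]:
    """Return (allowed, reason).

    When the filter is enabled, a state-changing request is accepted only if
    it carries an anti-CSRF token and that token equals the one stored in the
    user's session. Either failure rejects the request."""
    if not enabled:
        # Equivalent of the flag left at its default of No: nothing is checked.
        return True, "security filters disabled"
    if request.method.upper() in SAFE_METHODS:
        return True, "safe method, no state change"

    supplied = request.headers.get(TOKEN_HEADER) or request.form.get(TOKEN_FIELD)
    if not supplied:
        return False, "rejected: no anti-CSRF token in request"

    # Constant-time comparison on bytes so a non-ASCII value cannot raise
    # and timing does not leak how many leading characters matched.
    expected = request.session.csrf_token.encode("utf-8")
    if not hmac.compare_digest(supplied.encode("utf-8"), expected):
        return False, "rejected: token does not match user's current token"
    return True, "token verified"


def demo() -> Dict[str, bool]:
    """Run the filter over four constructed requests and report the verdicts."""
    session = Session(user="admin")
    good = session.csrf_token
    cases = {
        "valid token in header": Request("POST", {TOKEN_HEADER: good}, {}, session),
        "valid token in form": Request("POST", {}, {TOKEN_FIELD: good}, session),
        "token missing": Request("POST", {}, {"action": "update"}, session),
        "token from another session": Request(
            "POST", {TOKEN_HEADER: Session(user="other").csrf_token}, {}, session),
    }
    return {name: csrf_filter(req)[0] for name, req in cases.items()}


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:30s} -> {'allowed' if allowed else 'rejected'}")
```

The session-bound token is what distinguishes a legitimate form post from one a third-party page forged: the forging page can make the browser send the cookie, but it cannot read the token that belongs to the victim's session.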