Welcome to OCS Inventory NG community support, where you can ask questions and receive answers from other members of the community.

Please ask questions only in English or French.

Release 2.12.3 available

The official documentation can be found on https://wiki.ocsinventory-ng.org. Read it before asking your question.

Categories

Upload MSI: CSRF ATTACK!!!

Hello,

i do some first steps with OCS and run the docker 2.12.3 version.

I want to deploy a msi file and when uploading it, I get a "CSRF ATTACK!!!"-error. In the docker-folder I already included in nginx/conf/ocsinventory.conf.template under location /:

        proxy_read_timeout      ${READ_TIMEOUT};
        proxy_connect_timeout   ${CONNECT_TIMEOUT};
        proxy_send_timeout      ${SEND_TIMEOUT};
        client_max_body_size    ${MAX_BODY_SIZE};

and in conf/ocsinventory-reports.conf i updatet several upload-entries to a higher amount.

php_value post_max_size         1001m
php_value upload_max_filesize   1000m

Is there something else which has to be modified?
Thank you and best,
Johannes
in OCS Inventory NG server for Unix by (120 points)
Share on
share on gp share on fb share on tw share on li

2 Answers

0 votes

It's important to note that while CSRF attacks pose significant risks, enhancing user awareness and implementing robust security measures can mitigate these threats effectively. Collaboration among developers is key!

https://ask.ocsinventory-ng.org/15492/upload-msi-csrf-attacksnowrider

by (140 points)
0 votes

This post regarding CSRF attacks on MSI uploads is quite informative! As someone who has worked in application soccer random security, I like how you broke down the issues and provided specific strategies to address them. It is critical for developers to understand these risks, particularly when handling inventory systems such as Ocsinventory. Keep sharing this critical information—it is empowering us all to create safer software environments!

ago by (140 points)
 
Powered by Question2Answer
...