1
00:00:00,180 --> 00:00:06,570
In the previous video, we looked into what CSRF is and how hackers can perform a set

2
00:00:06,570 --> 00:00:08,140
of CSRF attacks. In this video,

3
00:00:08,590 --> 00:00:16,230
let's try to resolve that CSRF issue, which we encountered inside our application, by following the most

4
00:00:16,230 --> 00:00:24,390
simple approach, which is by disabling it. As we discussed, by default any web application or

5
00:00:24,390 --> 00:00:35,160
any web framework will stop the communication if someone is using POST, DELETE or PUT methods, which

6
00:00:35,160 --> 00:00:39,680
will potentially alter the data, due to the CSRF issue.

7
00:00:39,810 --> 00:00:47,190
But really, there might be valid scenarios where you don't want to handle all these CSRF tokens and everything

8
00:00:47,370 --> 00:00:51,840
because you have all the firewalls inside your organization.

9
00:00:52,020 --> 00:00:55,820
The outside hackers cannot access your links.

10
00:00:56,100 --> 00:01:02,940
So in such scenarios, we just have to simply disable CSRF inside our Spring Security framework.

11
00:01:03,120 --> 00:01:12,390
When we disable it, it clearly indicates I don't want any CSRF tokens to be handled, and all operations,

12
00:01:12,510 --> 00:01:19,110
including GET, DELETE or POST, have to be accepted by my application. For that,

13
00:01:19,710 --> 00:01:27,960
come to the same class, ProjectSecurityConfig. After all our configurations, we can look for

14
00:01:28,650 --> 00:01:30,150
the sort of return.

15
00:01:30,450 --> 00:01:35,640
On top of that, we have a separate method we can call.

16
00:01:35,860 --> 00:01:43,960
So with these two words we can disable CSRF inside our application.

17
00:01:44,040 --> 00:01:50,700
Now I have made the changes. Let's try to go to the starting class and start the server again.

18
00:01:50,850 --> 00:01:59,550
Now I'll manually navigate to the login page and provide the credentials happy@example.com,

19
00:01:59,550 --> 00:02:00,470
one, two, three, four, five.

20
00:02:00,780 --> 00:02:10,259
Now I'm clicking the balance section and you can see now my balance controller went to the database,

21
00:02:10,440 --> 00:02:17,210
looked up all the transaction details associated with my user and displayed them,

22
00:02:17,370 --> 00:02:23,990
and what is the latest current balance. You can go and check in the database as well by going to the

23
00:02:23,990 --> 00:02:31,860
account transactions. Here you can see there are, for the user customer eighty one, six rows of data.

24
00:02:32,070 --> 00:02:37,560
That's why here we have six rows followed by the total current balance.

25
00:02:37,750 --> 00:02:41,510
So with this we resolved the CSRF issue by disabling it.

26
00:02:41,730 --> 00:02:50,060
But disabling is not always a solution, and it's also not recommended when your application is open to

27
00:02:50,060 --> 00:03:00,000
the outside world. For that, we should really handle CSRF by leveraging CSRF tokens inside your application.

28
00:03:00,420 --> 00:03:04,000
Let's try to go and explore that more in the next one.

29
00:03:04,140 --> 00:03:04,620
Thank you

30
00:03:04,620 --> 00:03:04,980
and bye.