tomcat-users mailing list archives

From André Warnier
Subject Re: Help regarding CSRF Filter in Tomcat 7
Date Fri, 16 Nov 2012 23:50:56 GMT
Bob Hall wrote:
> André,
> On 16/11/2012 14:39, André Warnier wrote:
>>  Response (to Mark and David) : I accept the verdict of the native English-speakers.
>>  In my defense, I would say that to me, the word "useless" has more of a negative
>>  connotation than what I wanted to express.  Using an expression
>>  such as "the filter is useless" here may have suggested that I thought that this
>>  code was not worth the memory cells it was written on.  Which is of
>>  course far from my thoughts on the matter.
>> "Unnecessary" was a way for me to express that in these particular circumstances,
>> it would 1) not help, while 2) - being a filter - adding unwarranted
>> (?) overhead to the application.
> "filter is ineffective" might work for you.
> - Bob

That does sound better to me.

Shall we agree that the correct phrasing should have been:

If you are not using HttpServletResponse#encodeRedirectURL(String) or
HttpServletResponse#encodeURL(String) in your application, then this
filter would be ineffective (and wasteful of system resources)

..but your application can still be subjected to CSRF attacks.

From the Oxford dictionary on-line:

Definition of ineffective

. not producing any significant or desired effect:
   . the legal sanctions against oil spills are virtually ineffective
   . a weak and ineffective president

Definition of useless

. not fulfilling or not expected to achieve the intended purpose or desired outcome:
   . a piece of useless knowledge
   . we tried to pacify him but it was useless
. informal : having no ability or skill in a specified activity or area: he was useless at


Definition of unnecessary

. not needed: some people feel that holiday insurance is unnecessary
. more than is needed; excessive:
   . good construction is essential to avoid unnecessary waste
