
A web page request security processing method and system

A web page request security processing technology, applied in the field of Internet security. It addresses the problems of existing approaches (unsuitable for static web pages, poor security, complex design schemes) and achieves a small, easy-to-implement modification that defends against CSRF attacks.

Active Publication Date: 2016-02-17
云南腾云信息产业有限公司

AI Technical Summary

Problems solved by technology

[0012] However, the above three methods have their own limitations:
[0013] (1) High labor costs and passiveness: developers need to continuously follow up and repair the discovered vulnerabilities; it is impossible to guarantee that all CSRF vulnerabilities can be discovered and resolved in time; and it is impossible to prevent the emergence of new CSRF vulnerabilities in subsequent development;
[0014] (2) High development cost: the development of the same function requires more complex design schemes, and is not suitable for static web pages;
[0015] (3) Poor security and high development costs: attackers can simulate POST requests in various ways; if it needs to be deployed on an already mature website, a lot of resources need to be invested in code adjustments.


Embodiment Construction

[0051] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

[0052] In the embodiment of the present invention, the goal of defending against CSRF attacks is achieved by modifying both sides: the webpage code and the web server.

[0053] That is, the website code on the browser side is modified to add a g_tk parameter to all HTTP requests (including AJAX, JSONP, form submission, etc.). The name g_tk is just an example, and the parameter name can be set to any other symbol. Its value is the encryption of the skey field content ...


Abstract

The embodiment of the invention discloses a method and a system for the secure processing of webpage requests. The method comprises the following steps: the current webpage on the browser side constructs the encrypted log-in information of the current webpage; the browser side sends the webpage request of the current webpage, which comprises the encrypted log-in information of the current webpage and the log-in information of the current webpage that the browser adds; the server side receives the webpage request, encrypts the log-in information that the browser added, and matches the result against the encrypted log-in information in the webpage request; if the two are inconsistent, the webpage request is interrupted; if they are consistent, the webpage request is responded to normally. With the invention, cross-site request forgery (CSRF) attacks are identified and prevented while only small changes to the whole system are required.
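The server-side match described in the abstract and in paragraph [0053], sketched in Python as an added example (not code from the patent). The page elides the actual "encryption" of skey, so the hex SHA-256 used here is an assumption, as are the function names, the a.example host and the cookie values.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

TOKEN_PARAM = "g_tk"  # parameter name used on the page; any name works
COOKIE_NAME = "skey"  # login cookie field named on the page


def derive_token(skey: str) -> str:
    # Assumed transform (the page elides the real one): hex SHA-256 of skey.
    # Page script on the legitimate site can read skey and compute this;
    # a page on another origin cannot read the cookie, so it cannot.
    return hashlib.sha256(skey.encode("utf-8")).hexdigest()


def check_request(url: str, cookie_header: str) -> bool:
    """True: respond normally. False: interrupt the request."""
    cookies = SimpleCookie()
    cookies.load(cookie_header or "")
    if COOKIE_NAME not in cookies:
        return False  # assumption: protected endpoints require a login cookie
    sent = parse_qs(urlsplit(url).query).get(TOKEN_PARAM, [])
    if len(sent) != 1:
        return False  # token missing, or repeated to confuse parsers
    expected = derive_token(cookies[COOKIE_NAME].value)
    # Constant-time comparison of the two encrypted values.
    return hmac.compare_digest(sent[0].encode(), expected.encode())


def demo() -> dict:
    # Constructed sample requests; a.example and the cookie values are made up.
    cookie = "uin=o0123456; skey=Zx81kQpLm3"
    token = derive_token("Zx81kQpLm3")
    return {
        "same-site request with token": check_request(
            f"https://a.example/profile/update?nick=x&g_tk={token}", cookie),
        "cross-site request, cookie only": check_request(
            "https://a.example/profile/update?nick=x", cookie),
        "cross-site request, guessed token": check_request(
            "https://a.example/profile/update?nick=x&g_tk=12345", cookie),
    }


if __name__ == "__main__":
    for label, ok in demo().items():
        print(f"{label}: {'respond' if ok else 'interrupt'}")
```

The sketch reads g_tk from the query string only; a form-encoded POST body can be parsed with the same `parse_qs` call.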

Description

Technical field

[0001] The invention relates to the field of Internet security, in particular to a method and system for the secure processing of webpage requests.

Background

[0002] Information security on the Internet has always been a very important issue in this field. CSRF (cross-site request forgery) is a common technique that steals user information through malicious use of web pages. It is also called a "one-click attack" or "session riding", and is abbreviated as XSRF.

[0003] CSRF uses the login status of the user on the logged-in website A to perform operations that require login verification on website A, through HTTP (HyperText Transfer Protocol) requests (hidden pictures or script references) on a page of website B, so as to attack or steal private information. This is especially common in multi-window browsers.

[0004] Due to the characteristi...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L29/08
Inventor 周俊唐文荣鲁锋胡爱军徐凯鹏沈志坚肖峥胡文斌
Owner 云南腾云信息产业有限公司