Method, system and device for preventing CSRF (cross site request forgery) attack

A technology for defending against cross-site request forgery by checking token consistency, applied in the network field; it addresses the difficulty of defending against CSRF attacks and achieves the effect of preventing them.

Active Publication Date: 2013-09-18
TENCENT TECH (SHENZHEN) CO LTD

AI Technical Summary

Problems solved by technology

[0011] It can be seen that in the prior art, once a user has successfully logged in to one website under a root domain, every website under that root domain treats the user as logged in, so a request sent by an attacker pretending to be the user is received and processed as if it were genuine; therefore, it is difficult to defend against CSRF attacks.


Embodiment Construction

[0037] Figure 1 is a flowchart of a method for defending against CSRF attacks provided by the present invention.

[0038] As shown in Figure 1, the method includes:

[0039] Step 101: the website server sends a session cookie to a client that has successfully logged in, and the session cookie includes a random password (token) value.

[0040] Step 102: the client receives the session cookie, identifies the complete domain name of the website server, and saves the correspondence between the session cookie and the complete domain name of the website server.

[0041] Step 103: when the client submits an HTTP request to the target website server, it reads, according to the complete domain name of the source website server from which the client sends the HTTP request, the session cookie corresponding to that complete domain name and the token value carried in that cookie; the session cookie and the token value are carried in the HTTP re...


Abstract

The embodiment of the invention discloses a method, a system and a device for preventing a CSRF (cross site request forgery) attack. The method comprises the following steps: a web server sends a session cookie to a client that has successfully logged in, and the session cookie comprises a token value; the client, according to the complete domain name of the source web server, reads the session cookie corresponding to that complete domain name and reads the token value in the session cookie; the session cookie is included in the header of an HTTP request and the token value is included in the body of the HTTP request; the HTTP request is sent to a target web server; the target web server compares the token value in the cookie with the token value read from the body of the HTTP request; and if the two token values are inconsistent, or no token value can be read from the cookie, the requested operation is not carried out. The method, the system and the device of the invention can be applied to prevent CSRF attacks.
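The following is an added worked example, not code from the patent or from Tencent, modelling Steps 101-103 and the server-side comparison from the abstract. It assumes a constructed in-memory client whose cookie jar is keyed by complete domain name, a session cookie value of the constructed form `sessionid:token`, and prior-art cookie sharing across the root domain, so that a request originating from a page on another subdomain carries the victim's cookie but not the matching body token.

```python
import hmac
import secrets
from urllib.parse import urlparse

def root_domain(host):
    return ".".join(host.split(".")[-2:])   # mail.example.com -> example.com

class Server:
    """Website server: token in the session cookie (Step 101); acts only if the body token equals it."""
    def __init__(self):
        self.sessions = {}      # session id -> token issued at login
    def login(self):
        sid, token = secrets.token_hex(8), secrets.token_hex(16)
        self.sessions[sid] = token
        return f"{sid}:{token}"   # constructed cookie value carrying the random token
    def handle(self, request):
        cookie = request["headers"].get("Cookie", "")
        sid, _, cookie_token = cookie.partition(":")
        if self.sessions.get(sid) != cookie_token:
            return "reject: no valid session cookie"
        body_token = request["body"].get("token", "")
        if not hmac.compare_digest(cookie_token, body_token):
            return "reject: body token missing or inconsistent with cookie"
        return "accept"

class Client:
    """Client side of Steps 102-103: cookies saved per complete domain name; the token
    is read from the cookie of the page that originates the request."""
    def __init__(self):
        self.jar = {}           # complete domain name -> session cookie value
    def save_cookie(self, full_domain, value):
        self.jar[full_domain] = value
    def build_request(self, source_host, target_url, body):
        target_host = urlparse(target_url).hostname
        headers, body = {}, dict(body)
        # Prior-art sharing: every site under the same root domain receives the cookie.
        for domain, value in self.jar.items():
            if root_domain(domain) == root_domain(target_host):
                headers["Cookie"] = value
        # The token is taken only from the cookie saved for the source page's domain.
        if source_host in self.jar:
            body["token"] = self.jar[source_host].partition(":")[2]
        return {"headers": headers, "body": body}

def demo():
    mail, client = Server(), Client()
    client.save_cookie("mail.example.com", mail.login())
    legit = client.build_request("mail.example.com", "https://mail.example.com/send", {"to": "x"})
    forged = client.build_request("evil.example.com", "https://mail.example.com/send", {"to": "x"})
    return mail.handle(legit), mail.handle(forged)
```

The forged request is rejected even though the shared cookie is attached, because the token in its body cannot be obtained from the originating page's domain.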

Description

Technical field

[0001] The invention relates to the field of network technology, in particular to a method, system and device for defending against cross-site request forgery (CSRF) attacks.

Background technique

[0002] A cross-site request forgery (CSRF) attack is one in which the attacker uses the user's login state at a website to send a request to any website belonging to the same root domain as that website, so as to send emails, modify information, purchase goods, etc. in the user's name. Here, websites belonging to the same root domain have the same first-level domain name but different second-level domain names.

[0003] In the prior art, if a user successfully logs in to a website under the root domain, the user is considered to be logged in to any website under that root domain, so if an attacker pretends to be the user and sends to a website under the root domain a request to purchase products, modification of u...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/08
Inventors: 操龙敏龙丁奋郭学亨朱磊
Owner: TENCENT TECH (SHENZHEN) CO LTD