A method, system and device for defending against cross-site request forgery (CSRF) attacks

A cross-site request forgery and request packet technology, applied in the network field, that addresses the difficulty of defending against CSRF attacks and achieves the effect of preventing them.
CN103312666B | Active | Publication Date: 2016-03-16 | TENCENT TECH (SHENZHEN) CO LTD

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Patents (China)
Current Assignee / Owner: TENCENT TECH (SHENZHEN) CO LTD
Publication Date: 2016-03-16


Abstract

The embodiment of the invention discloses a method, system and device for preventing cross-site request forgery (CSRF) attacks. The method comprises the following steps: a web server sends a session cookie containing a token value to a client that has logged in successfully; the client, according to the complete domain name of the source web server, reads the session cookie corresponding to that complete domain name and reads the token value in the session cookie; the client places the session cookie in the header of an HTTP request and the token value in the body of the HTTP request, and sends the HTTP request to a target web server; the target web server compares the token value in the cookie with the token value read from the body of the HTTP request; if the two token values are inconsistent, or the token value cannot be read from the cookie, the operation is not processed. The method, system and device can be applied to prevent CSRF attacks.
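The server-side comparison described in the abstract can be sketched as follows. This is an added example, not code from the patent: the cookie name `session`, the `<session id>.<token>` cookie layout, the form field `csrf_token`, and issuing the cookie host-only (no Domain attribute) as the way to bind it to the complete domain name are all assumptions.

```python
import hmac
import secrets
from http.cookies import SimpleCookie
from typing import Optional, Tuple
from urllib.parse import parse_qs

COOKIE_NAME = "session"     # assumed cookie name
BODY_FIELD = "csrf_token"   # assumed form field carrying the token in the body


def issue_session_cookie(session_id: str) -> Tuple[str, str]:
    """Build the Set-Cookie value sent after a successful login; returns (header, token)."""
    token = secrets.token_urlsafe(32)
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = f"{session_id}.{token}"
    cookie[COOKIE_NAME]["path"] = "/"
    cookie[COOKIE_NAME]["secure"] = True
    # No Domain attribute: the cookie stays with the issuing host only.
    # No HttpOnly: the page's own script must read the token to copy it into the body.
    return cookie[COOKIE_NAME].OutputString(), token


def token_from_cookie(cookie_header: str) -> Optional[str]:
    """Extract the token from the Cookie request header, or None if unreadable."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get(COOKIE_NAME)
    if morsel is None or "." not in morsel.value:
        return None
    return morsel.value.rsplit(".", 1)[1] or None


def allow_request(cookie_header: str, body: str) -> bool:
    """Process the operation only if the cookie token and body token are both present and equal."""
    cookie_token = token_from_cookie(cookie_header)
    if cookie_token is None:
        return False  # token cannot be read from the cookie: do not process
    body_token = parse_qs(body).get(BODY_FIELD, [""])[0]
    return hmac.compare_digest(cookie_token.encode(), body_token.encode())


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    set_cookie, token = issue_session_cookie("sid123")
    cookie_header = set_cookie.split(";")[0]
    print(allow_request(cookie_header, f"action=buy&csrf_token={token}"))  # legitimate page
    print(allow_request(cookie_header, "action=buy"))  # cross-site form: cookie rides along, no token
```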

Description

Technical field

[0001] The invention relates to the field of network technology, in particular to a method, system and device for defending against cross-site request forgery (CSRF) attacks.

Background technique

[0002] A cross-site request forgery (CSRF) attack is one in which the attacker uses the user's login status information for one website to send a request to any website that belongs to the same root domain as that website, so as to send emails, modify information, purchase goods, etc. in the name of the user. Different websites belonging to the same root domain have the same first-level domain name but different second-level domain names.

[0003] In the prior art, if a user successfully logs in to one website under the root domain, the user is considered to be logged in to every website under that root domain, so if an attacker pretends to be the user and sends a website under the root domain a request to purchase products, modification of u...
