Method and system for preventing cross-site request forgery attack

A cross-site request forgery and local file system technology, applied in the field of network security, can solve the problems of not being able to know the client, the client cannot be informed, and cannot effectively prevent CSRF attacks, and achieve the effect of ensuring network security.

Active Publication Date: 2015-11-25
INST OF COMPUTING TECH CHINESE ACAD OF SCI
View PDF7 Cites 21 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] In the prior art, this defect is caused by the inappropriate definition of the responsibility for verifying the user's request, and the prior art only allows the client or the server to judge the authenticity of the request, but the client cannot know a request from a certain page. Whether the request to another page is what the server expects, and the server cannot know the context in which the request from the client is generated, which cannot effectively prevent CSRF attacks
[0006] In summary, there are obviously inconveniences and defects in the actual use of the existing technology, so it is necessary to improve

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and system for preventing cross-site request forgery attack
  • Method and system for preventing cross-site request forgery attack
  • Method and system for preventing cross-site request forgery attack

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0043] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0044]The present invention provides a method and system for preventing cross-site request forgery attacks, and the goal is to protect clients from CSRF attacks. The fundamental reason for the success of the CSRF attack is: when the server receives a client request, it is difficult for the server to judge the occasion where the request is sent through the content of the client request (that is, how the request is sent by the browser); When the browser sends a request, although the browser knows the occasion when the request is sent, it does not know the security rules of the requested website, so i...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention is applicable for the technical field of network safety, and provides a method and a system for preventing a cross-site request forgery attack. The method comprises the steps that: a client generates an HTTP request when page information of a browser is received; the client performs filtration treatment on cookie information in the HTTP request based on a strategy document obtained from a server-side; the client sends the HTTP request after subjected to the filtration treatment to the server-side. In the method and the system for preventing the cross-site request forgery attack, the strategy document is provided by the server-side, the server-side defines requests from which pages the service-side expects to receive exactly, and the client performs authenticity judgment on the HTTP request based on the strategy document, so that requests which are not allowed by the strategy document are guaranteed to not carry cookie of a user, requests which the server-side does not expect to receive cannot be sent by the client, and the network safety of the client is guaranteed.

Description

technical field [0001] The invention relates to network security, mainly to browser security and web application security, and in particular to a method and system for preventing cross-site request forgery attacks. Background technique [0002] In the prior art, the communication between the website server and the user client is mainly through the HTTP (HyperTextTransferProtocol, hypertext transfer protocol) protocol. According to the definition of the HTTP protocol, the protocol is a stateless protocol, that is, each communication between the server and the client is independent of each other, and the next communication between the server and the client does not know the information of the previous communication. However, in practical applications, continuous and stateful communication between the server and the client is required, so cookie technology is introduced as one of the most common solutions. [0003] In order to maintain a stateful connection between the server ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/08
CPCH04L63/0236H04L63/1441H04L67/02
Inventor 高云鹏孙毓忠
Owner INST OF COMPUTING TECH CHINESE ACAD OF SCI
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap