Method and device for defending cross-site request forgery attack

A technique for defending against cross-site request forgery in business requests, applied in the field of computer networks. It addresses the complex implementation, high server pressure and large code changes of existing approaches, and achieves a simple implementation, reduced server pressure and defense against cross-site request forgery attacks.

Active Publication Date: 2017-01-18
BEIJING JINGDONG SHANGKE INFORMATION TECH CO LTD +1

AI Technical Summary

Problems solved by technology

However, the existing token verification method dynamically generates and verifies tokens on the server side. The main problem is that it requires extensive code changes, which makes the implementation more complicated and puts a lot of pressure on the server.

Embodiment Construction

[0031] Exemplary embodiments of the present invention are described below in conjunction with the accompanying drawings, which include various details of the embodiments of the present invention to facilitate understanding, and they should be regarded as exemplary only. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.

[0032] Figure 2 is a business flow chart of a method for defending against cross-site request forgery attacks according to an embodiment of the present invention. As shown in Figure 2, the method for defending against cross-site request forgery attacks in the present invention mainly includes the following steps S21 to S24.

[0033] Step S21: the client requests...

Abstract

The invention provides a method and device for defending against cross-site request forgery attacks, which helps the token verification method require only a small amount of code modification, so that the function is simple to implement and puts little pressure on the server. The method comprises the following steps: the client requests a page from the server and then receives the page content, script code and a service domain cookie returned by the server; the client runs the script code to generate a fixed token, writes the fixed token into the service domain cookie and sets the expiration time of the token; and the client sends a service request and the service domain cookie to the server, then receives the server's response content and displays it.
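
The flow in the abstract, sketched as an added example (not code from the patent): the client-side script generates a fixed token and writes it into a cookie with an expiration time. The page's text is cut off before it says how the server checks the token, so `verifyRequest` assumes the common double-submit comparison; `csrf_token`, the 30-minute lifetime and all function names are hypothetical.

```javascript
// Added example. Cookie name, lifetime and the server-side check are assumptions.
// WebCrypto: global in browsers and recent Node; fall back to Node's module otherwise.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

const COOKIE_NAME = 'csrf_token';   // hypothetical cookie name
const TOKEN_TTL_SECONDS = 1800;     // hypothetical token lifetime

// Client: generate the token once; it stays fixed until the cookie expires.
function generateToken() {
  const bytes = rng.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Client: cookie string carrying the token and its expiration time.
// In a browser: document.cookie = buildTokenCookie(generateToken());
function buildTokenCookie(token, ttlSeconds = TOKEN_TTL_SECONDS) {
  return `${COOKIE_NAME}=${token}; Max-Age=${ttlSeconds}; Path=/; Secure; SameSite=Lax`;
}

// Server: parse a Cookie request header into a Map (first occurrence wins).
function parseCookies(header) {
  const jar = new Map();
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=');
    if (i < 1) continue;
    const name = part.slice(0, i).trim();
    if (!jar.has(name)) jar.set(name, part.slice(i + 1).trim());
  }
  return jar;
}

// Compare without stopping at the first differing character.
function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Server (assumed check): the request must repeat the cookie's token, for example
// in a header or form field. A cross-site page cannot read the cookie, so a forged
// request arrives with the cookie attached but without a matching copy.
function verifyRequest(cookieHeader, submittedToken) {
  const cookieToken = parseCookies(cookieHeader).get(COOKIE_NAME);
  if (typeof submittedToken !== 'string' || !/^[0-9a-f]{32}$/.test(cookieToken || '')) {
    return false;
  }
  return constantTimeEqual(cookieToken, submittedToken);
}
```

Because the server only compares the two copies, it does not have to generate or store a token per request, which is the server-side saving the abstract describes.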

Description

Technical field

[0001] The invention relates to the technical field of computer networks, in particular to a method and device for defending against cross-site request forgery attacks.

Background technique

[0002] Cross-site request forgery (CSRF) is a malicious use of websites. CSRF attacks are carried out by including malicious links or scripts in pages accessed by authorized users. For example: website user A may be browsing a chat forum while another user B is in the forum at the same time, and the latter has just posted a picture message with a link to user A's bank. Imagine that user B writes a link to a form submission for withdrawals on user A's bank site and labels the link as an image. If user A's bank saves his authorization information in a cookie, and the cookie has not expired, then when user A's browser tries to load the image, it will submit the withdrawal form and his cookie, so that without user A's consent this tran...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L9/32
CPC: H04L9/3213, H04L63/0807, H04L63/14
Inventor: 张帅
Owner: BEIJING JINGDONG SHANGKE INFORMATION TECH CO LTD