CSRF protection method and system based on cloud platform

A CSRF protection method and system based on a cloud platform, applied in the field of CSRF protection. It addresses problems such as a cumbersome configuration process, low protection efficiency, and business changes affecting the use of protection functions, and achieves improved detection efficiency, simple and convenient configuration, and reduced impact.

Active Publication Date: 2017-10-24
CHINANETCENT TECH

AI Technical Summary

Problems solved by technology

[0004] However, these protection methods still have some disadvantages: (1) the token tracking method must parse the Document Object Model (DOM) of the web page, locate the forms, modify the content of form requests, and perform a series of other complex operations, so protection efficiency is low; (2) other protection methods configure protected addresses according to business function, so a change in business function affects the use of the protection function, and the business addresses to configure have to be collected one by one, making the configuration process cumbersome.


Embodiment approach

[0053] As shown in Figure 1, an embodiment of the cloud-platform-based CSRF (cross-site request forgery) protection method provided by the present invention comprises the following steps:

[0054] Step S101, receiving a request packet to be analyzed.

[0055] In this embodiment, when a client such as a browser sends an access request to a World Wide Web (WEB) server over the Hypertext Transfer Protocol (HTTP), the cloud platform first receives the request packet to be analyzed.

[0056] Step S102, checking the login status of the request packet, and directly releasing request packets that are not logged in, or that are logged in but do not contain request parameters.

[0057] Because a CSRF attack can only succeed against a logged-in user and poses no threat to users who are not logged in, the present invention first checks and ju...


Abstract

The invention discloses a CSRF (Cross-Site Request Forgery) protection method and system based on a cloud platform. The method comprises the following steps: receiving a request packet to be analyzed; checking the login state of the request packet, and directly releasing request packets that are not logged in, or that are logged in but do not include a request parameter; checking request packets that are logged in and include a request parameter; and, according to the result of that check, deciding whether the request packet is released directly or released after the cache is cleared. The method and system have the following advantages: by judging the login authority of a request accessing the system, erroneous interception of open operating interfaces can be reduced, detection efficiency can be improved, and the influence on the performance of the cloud platform can be reduced; and by recognizing the request mode, configuring sensitive operation parameters and performing the relevant processing on the request's referer, CSRF protection for the whole website can be realized, the configuration is simple and convenient, and the demands on operator expertise are low.
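The decision flow in the abstract, as an added example (not code from the patent or its owner). The cookie name, the sensitive-parameter list, the trusted host set, and the rule that a logged-in request carrying a sensitive parameter is released directly only when its Referer host is trusted are all assumptions, because the page's description of the check is truncated; the cache-clearing action itself is left to the caller.

```python
from enum import Enum
from urllib.parse import parse_qsl, urlsplit

# All three settings are assumptions for this example, not values from the patent.
SESSION_COOKIE = "sessionid"                        # cookie that marks a logged-in client
SENSITIVE_PARAMS = {"password", "email", "amount"}  # configured sensitive operation parameters
TRUSTED_HOSTS = {"shop.example.com"}                # hosts accepted in the Referer header

class Verdict(Enum):
    RELEASE = "release directly"
    RELEASE_AFTER_CACHE_CLEAR = "release after the cache is cleared"

def _cookies(header):
    pairs = (p.strip().split("=", 1) for p in header.split(";") if "=" in p)
    return {name: value for name, value in pairs}

def _params(method, url, body):
    # Request mode: query-string parameters always count, body parameters
    # only for methods that carry a form body.
    params = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    if method.upper() in {"POST", "PUT", "PATCH", "DELETE"}:
        params.update(parse_qsl(body, keep_blank_values=True))
    return params

def _referer_trusted(referer):
    # Compare the parsed hostname exactly; a substring or prefix match would
    # accept hosts such as shop.example.com.attacker.test.
    host = urlsplit(referer).hostname
    return host is not None and host.lower() in TRUSTED_HOSTS

def triage(method, url, headers, body=""):
    h = {k.lower(): v for k, v in headers.items()}
    if SESSION_COOKIE not in _cookies(h.get("cookie", "")):
        return Verdict.RELEASE                    # not logged in
    params = _params(method, url, body)
    if not params:
        return Verdict.RELEASE                    # logged in, no request parameters
    if not SENSITIVE_PARAMS & params.keys():
        return Verdict.RELEASE                    # assumption: only sensitive params are checked
    if _referer_trusted(h.get("referer", "")):
        return Verdict.RELEASE
    return Verdict.RELEASE_AFTER_CACHE_CLEAR      # caller clears the cache, then releases
```

A missing Referer on a sensitive, logged-in request is treated the same as an untrusted one, which is the stricter of the two possible readings.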

Description

Technical field

[0001] The invention relates to the field of computer network data security, in particular to a cloud platform-based CSRF protection method and system.

Background technique

[0002] With the rapid development of World Wide Web (WEB) application technology, an attack method has appeared on the Internet that hijacks other end users, while they are logged in, to perform malicious operations on their application systems: cross-site request forgery (Cross-site Request Forgery, CSRF). This attack method can perform functional operations on the WEB application without the victim's knowledge. Specifically, after the victim has successfully logged in to a WEB application system, the victim visits a link page constructed by the attacker during use. While the page is loading, the attacker's pre-constructed code completes the CSRF attack and uses the victim's user authority to execute functional operations of the WEB application system, threatening t...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/08
CPC: H04L63/1466, H04L67/10
Inventor 黄梅芬
Owner CHINANETCENT TECH