
CSRF attack protection method and device

A user-request and interface technology, applied in the Internet field, that solves problems such as increased server pressure, malicious use, and token forgery, achieving the effect of solving the attack problem and reducing server pressure.

Pending Publication Date: 2021-05-28
HUNAN HAPPLY SUNSHINE INTERACTIVE ENTERTAINMENT MEDIA CO LTD

AI Technical Summary

Problems solved by technology

The traditional solution, in which the server stores a token generated for each user request, has some disadvantages. First, the server needs to save the token, which increases the pressure on the server. Second, the token may be forged and used maliciously; solving this requires adding verification logic that binds the token to the user, which makes the code harder to write.


Embodiment Construction

[0049] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0050] The inventor found through research that almost 99.99% of business management systems now have CSRF security issues, but most developers do not pay attention to them. Once a system goes online, it is more likely to be attacked, with the risk of data being abnormally added, updated, or deleted. Traditional solutions are too complicated, and the cost of transformation and maintenance is also high, so a simpler and more efficient method is needed to solve this pr...


Abstract

The present invention provides a CSRF attack protection method and device. When a user request does not carry a token, the background server generates one and writes it into the browser cookie and the page request. The token does not need to be stored on the background server, which reduces the pressure on the server. When the user sends a request again, a preset front-end script is triggered to write the token from the browser cookie and the page request into the user request. The background server performs CSRF verification by checking whether the token in the request's cookie is the same as the token in the request parameter. Because the browser cookie cannot be captured by a third party, no verification logic binding the token to the user needs to be added, so the CSRF attack problem can be solved simply and effectively.
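A sketch of the cookie-versus-parameter check the abstract describes, added here as an illustration and not taken from the patent. The name `csrf_token`, the function names and the three outcomes (`issue`, `accept`, `reject`) are assumptions.

```python
import hmac
import secrets

TOKEN_NAME = "csrf_token"  # assumed name; the page names neither cookie nor parameter


def new_token() -> str:
    """Random token; nothing is stored on the server."""
    return secrets.token_urlsafe(32)


def check_request(cookies: dict, params: dict) -> dict:
    """Classify one request.

    "issue"  -> no token anywhere: write a new token to the cookie and the
                page; no state change is performed on this path (assumption)
    "accept" -> cookie copy and parameter copy match
    "reject" -> one copy is missing or the two differ
    """
    cookie_tok = cookies.get(TOKEN_NAME)
    param_tok = params.get(TOKEN_NAME)

    # First visit: the request carries no token at all, so generate one.
    if cookie_tok is None and param_tok is None:
        return {"action": "issue", "token": new_token()}

    # A cross-site request carries the cookie (the browser attaches it), but
    # its sender cannot read the cookie, so the parameter is absent or wrong.
    if not cookie_tok or not param_tok:
        return {"action": "reject"}

    # Constant-time comparison of the two copies.
    if hmac.compare_digest(cookie_tok.encode(), param_tok.encode()):
        return {"action": "accept"}
    return {"action": "reject"}


def demo() -> list:
    """Constructed walk-through: first visit, same-site submit, two forged submits."""
    first = check_request({}, {})
    tok = first["token"]
    legit = check_request({TOKEN_NAME: tok}, {TOKEN_NAME: tok, "amount": "10"})
    no_param = check_request({TOKEN_NAME: tok}, {"amount": "10"})
    bad_param = check_request({TOKEN_NAME: tok}, {TOKEN_NAME: new_token()})
    return [first["action"], legit["action"],
            no_param["action"], bad_param["action"]]
```

The comparison is only as strong as the abstract's premise that a third party cannot read the cookie; the cookie cannot be marked HttpOnly in this scheme because the front-end script has to read it.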

Description

Technical field

[0001] The present invention relates to the technical field of the Internet, and more specifically, to a CSRF attack protection method and device.

Background technique

[0002] A CSRF (cross-site request forgery) attack is an attack method that uses the website's trust in the user's web browser to coerce the user into performing unintended operations on the web application they are currently logged in to. At present, most business management systems are vulnerable to CSRF attacks, which is often ignored by developers. If it is exploited maliciously, it will cause immeasurable impact.

[0003] The traditional solution is to generate a token for each user request. The token is stored on the server, the user carries this token when submitting data, the server then verifies the token, and the token becomes invalid after verification. However, this solution has some disadvantages. First, the server needs to save the token, which increases th...


Application Information

IPC(8): H04L29/06, H04L9/32
CPC: H04L63/0807, H04L9/3213
Inventor: 汪纬
Owner: HUNAN HAPPLY SUNSHINE INTERACTIVE ENTERTAINMENT MEDIA CO LTD