This link has been bookmarked by 31 people . It was first bookmarked on 20 Sep 2006, by Stjepan.
-
22 Jan 15
-
23 Mar 11
-
03 Nov 10
-
27 Mar 10
-
08 Jan 10
-
13 Jan 08
-
06 Dec 07
-
21 Oct 07
-
11 Apr 07
-
08 Jan 07
-
20 Sep 06
-
11 May 06
-
02 May 06
-
19 Feb 06
-
06 Jan 06
-
05 Jan 06
-
24 Nov 05
-
16 May 05
-
13 May 05
Adrian BengtsonEn text om hur man förebygger CSRF, Cross-site request forgery. Som att se till att formulär kollas så att de verkligen kommer från den egna sidan.
Cross-site request forgery CSRF säkerhet security säkerhetshål formulär form submission Webbutveckling Säkerhet
-
A Cross-site request forgery hole is when a malicious site causes the user to load a URL from your server (possible with form POST data) that causes a change on the server. Depending on which forms on your site are vulnerable, an attacker might be able to do the following to your victims: * Log the victim out of your site. (Example: Slashdot) * Change the victim's site preferences on your site. (Example: Google) * Modify settings on your hardware firewall. * Post a comment on your site using the victim's login. * Post an anonymous comment from the victim's IP address. * Transfer funds to another user's account.
-
-
12 May 05
Would you like to comment?
Join Diigo for a free account, or sign in if you are already a member.