In many cases CSRF and XSS will help to do so.
在许多情况下,CSRF和XSS都有助于这样做。
Some variants use CSRF to pre-load data in forms, some don't.
一些变种使用CSRF预先加载数据到表单,有些则没有。
Requests can be crafted which will circumvent the CSRF protection entirely.
定制的请求可以完全绕开CSRF保护。
In a CSRF attack, your users can easily become unsuspecting accomplices.
在CSRF攻击中,您的用户可以轻易地成为预料不到的帮凶。
The sequence of requests and responses during a CSRF attack is illustrated in Figure 1.
CSRF攻击过程中的请求和响应的序列如图 1 所示。
Finally, make sure your PHP code is resilient to XSS attacks, form spoofs, and CSRF attacks.
最后,确保PHP代码可以抵抗XSS攻击、表单欺骗和CSRF攻击。
In CSRF attacks, unauthorized commands are transmitted from a user that the Web site trusts.
在CSRF攻击中,从Web站点信任的用户处传播未经授权的命令。
CSRF attacks are often in the form of <img> tags because the browser unwittingly calls the URL to get the image.
CSRF攻击通常是以 <img> 标记的形式出现的,因为浏览器将在不知情的情况下调用该url以获得图像。
CORS does not prevent CSRF; all it does is relax the restrictions enforced by the Same Origin Policy.
CORS不会阻止CSRF,它只是放松同源政策强制执行的限制。
To guard yourself against CSRF, use the one-use token approach you use in your habit of verifying form posts.
为了保护您免受CSRF攻击,需要使用在检验表单post时使用的一次性标记方法。
A mashup application or page must address CSRF, Ajax vulnerabilities, XSS, and other potential security weaknesses.
mashup应用程序或页面必须解决CSRF、Ajax漏洞、XSS和其他潜在的安全漏洞。
CSRF (Cross Site Request Forgery) allows attackers to bypass cookie-based authentication. I blogged about it a while ago.
一个是CSRF (Cross Site Request Forgery,跨站点伪造请求攻击),它允许攻击者绕过基于cookie的身份认证,前些天我曾在Blog上介绍过这种攻击。
Whereas XSS attacks exploit the trust a user has in a Web site, CSRF attacks exploit the trust a Web site has in a user.
XSS攻击利用的是用户对网站的信任,CSRF 攻击利用的是网站对用户的信任。
Many intrusion vulnerabilities such as SQL injection, CSRF, and XSS are preventable using a comprehensive input-validation framework.
如果使用一个综合的输入验证框架,许多输入漏洞,如SQL注入、CSRF和XSS,都是可以避免的。
Every edit operation must be accompanied by a token, which ensures the validity of the user request and protects against CSRF attacks.
每个编辑操作必须伴有一个令牌,这可确保用户请求的有效性,并抵御CSRF攻击。
During a CSRF attack, requests originate from an intruder site and are transmitted through an authenticated browser page to the server.
在CSRF攻击过程中,请求来自一个入侵者站点,然后通过一个经过验证的浏览器页面传输到服务器。
You can typically prevent CSRF attacks by requiring that a unique token or cookie be passed with every request, which can be done with Dojo.
您通常可以通过要求每个请求在发送时传递一个惟一的令牌或cookie来阻止CSRF攻击,这可以通过Dojo来完成。
The browser would send a request to the server that would store the user's session identifier, CSRF token, etc. in our support database.
浏览器会发送一个请求到服务器,存储用户的会话标识符,CSRF令牌,我们支持数据库等。
CSRF attacks originate from malicious code from an intruder site that tricks a browser into transmitting unprovoked requests to a trusted site.
CSRF攻击由一个入侵站点的恶意代码发起,该代码欺骗浏览器,使其将无关的请求传输到一个受信任站点。
The server will assume that any requests that lack the correct value in the Request-Token header are CSRF attack attempts and will reject them.
服务器将假设Request-Token头部中缺乏正确的值的任何请求都是CSRF攻击企图并将拒绝它们。
CSRF attacks depend on a server assuming that all requests transmitted from the browser that originally started an authenticated session are valid.
CSRF攻击依赖于这样一个服务器假设:来自启动了验证会话的浏览器的所有请求都是有效的。
As a countermeasure, make change-password forms safe against CSRF, of course. And require the user to enter the old password when changing it.
对策是,让修改密码的表单不能被CSRF攻击,当然在改变密码的时候,也需要用户去输入旧密码。
During a CSRF attack, requests originate from an intruding third-party site and are passed through an authenticated browser page to the server.
在一个CSRF攻击过程中,请求源自一个入侵的第三方站点并通过一个已验证的浏览器页面传递到服务器。
For example, as in a CSRF vulnerability in Google Mail. In this proof-of-concept attack, the victim would have been lured to a web site controlled by the attacker.
例如,Google Mail的一个CSRF漏洞,在这个概念验证的攻击中,受害者会被引诱到一个被攻击者控制的站点。
The browser's same-origin policy does not prevent CSRF attacks because the attack requests are transmitted to the same origin in proxy for the intruding third-party site.
浏览器的同源策略无法阻止CSRF攻击,因为攻击请求被传输到第三方入侵站点的代理中相同的源。
Jacob gave examples of some of the vulnerabilities like Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), HTTP Response Splitting, Session Fixation, and SQL Injection.
Jacob对其中的一些弱点给出了示例,像跨站点脚本攻击(XSS)、跨站点伪造请求(CSRF)、HTTP响应分割、会话固定攻击以及SQL注入攻击等等。
In addition to handling traditional threats, a mashup application or web page must address such issues as cross-site scripting (XSS) and cross-site request forgery (CSRF), among others.
除了处理传统威胁外,混搭应用程序或web页面必须解决跨站点脚本编写(XSS)和跨站点请求伪造(CSRF)等问题。