As a countermeasure, make change-password forms safe against CSRF, of course. And require the user to enter the old password when changing it.
对策是,让修改密码的表单不能被CRSF攻击,当然在改变密码的时候,也需要用户去输入旧密码。
As a countermeasure, make change-password forms safe against CSRF, of course. And require the user to enter the old password when changing it.
对策是,让修改密码的表单不能被CRSF攻击,当然在改变密码的时候,也需要用户去输入旧密码。
应用推荐