What does cross-site request forgery mean?

王林
Release: 2020-06-28 17:05:14

Cross-site request forgery, often abbreviated as CSRF or XSRF, is an attack method that coerces a user into performing unintended operations on a web application they are currently logged in to. CSRF takes advantage of the website's trust in the user's web browser.


Definition

Cross-site request forgery, also known as a one-click attack or session riding and usually abbreviated as CSRF or XSRF, is an attack method that coerces a user into performing unintended operations on a web application they are currently logged in to.

The difference from cross-site scripting (XSS) is that XSS takes advantage of the user's trust in a particular website, while CSRF takes advantage of the website's trust in the user's web browser.

Defense measures:

1. Check the Referer field.

2. Add a verification token.
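
The two defense measures above, combined in one server-side check (an added example, not code from the original article). The host name `shop.example`, the session id format and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed values for this example (assumptions, not from the article).
SERVER_KEY = secrets.token_bytes(32)   # secret known only to the server
TRUSTED_HOST = "shop.example"          # hypothetical host name of our own site


def _mac(session_id, nonce):
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id):
    """Token to embed in each form as a hidden field, bound to the session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def token_ok(session_id, token):
    nonce, sep, mac = (token or "").partition(".")
    if not sep:
        return False
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce).encode())


def referer_ok(referer):
    """Parse the header and compare scheme and host exactly, never by substring."""
    if not referer:
        return False  # strict policy chosen for this example: missing header fails
    try:
        parts = urlsplit(referer)
        port = parts.port
    except ValueError:  # malformed URL or port
        return False
    return (parts.scheme == "https" and parts.hostname == TRUSTED_HOST
            and port in (None, 443))


def allow_request(method, session_id, referer, token):
    """Apply both defenses to every state-changing request."""
    if method in ("GET", "HEAD", "OPTIONS"):
        return True  # these methods must never change state on the server
    return referer_ok(referer) and token_ok(session_id, token)
```

Rejecting requests that carry no Referer is a policy choice in this example; some browsers and proxies strip the header, which is one reason the token check is applied as well.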

source:php.cn