Bank-style Navigation Restrictions

Question

Some web applications, banking websites in particular, prevent you from using the browser's navigation buttons, opening links in new tabs or even refreshing the page. Often they'll warn you not to do so and even kill the session forcing you to login again.

Is there a particular architectural pattern they are following to achieve this? What are their goals? How does this increase security?

Recommended answer

Rather than having a different URL handler for different pages, they are probably passing the page state using POST variables passed by hidden form fields and the same URL handler will handle each request.

e.g. the link to "recent transactions" could be coded as follows

<form method="post" action="https://www.example.com/securebankpage">
    <input type="hidden" name="action" value="recentTransactions" />
    <input type="hidden" name="token" value="3423432432535235325098525125242" />
    <input type="submit" value="View Recent Transactions" />
</form>

Where token is a securely generated random value that is recorded server-side against each user session and action combination, and the server-side records are validated against the submitted form values when the user navigates.

As each page is loaded via the POST method, it is not possible for the user to repeat the action by accidentally clicking back and then accepting the browser prompt to resubmit the data. This is because the token will have been marked as already used server-side and the server will not allow the token to be used again. This is useful if the back button navigated to the money transfer page, as the money transfer will not be accidentally repeated. This can also protect against certain types of replay attacks.

This architecture also guards against CSRF as the token value would be unknown to any attacker that tries to initiate a POST to https://www.example.com/securebankpage from their site and passing the action as doMoneyTransfer.

The tokens should be time limited so if not used in a set amount of time (e.g. 15 minutes) they should be marked as expired and if the user's session is still active they should be regenerated for each possible action when rendered.

Opening links in new tabs isn't a security risk in itself, but if the server continually refreshes the token for each possible action, the links in the original window would now contain expired tokens as they have not been refreshed. That is why the system is probably discouraging you from doing this and instead having a single path throughout the system which can be tracked.

In my examples above I mention everything being passed via POST, but it is also possible to implement something similar using GET and separate page handler URLs. The POST route is slightly more secure as pages will be automatically expired in the browser via the mechanism that stops re-submission of forms, although it is also possible to implement this via other means. The use of unique tokens is the important point.
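The server-side half of the design the answer describes, as an added example that is not code from the original post: a store that issues a fresh, unguessable token for every possible action each time a page is rendered, ties each token to the session and action, burns it on first use, expires it after the answer's 15 minutes, and supersedes outstanding tokens on the next render (so links left in a stale tab stop working). The class, the `handle_post()` handler, the `demo()` walkthrough and the form dictionaries are all constructed for illustration and assume an in-memory store; a real application would keep this state in its session backend.

```python
"""One-time, per-action tokens for a single-URL bank-style page handler.

Added example, not code from the original answer. Everything here is
constructed for illustration; state lives in memory for simplicity.
"""
import html
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60          # expiry window suggested in the answer
PAGE_ACTIONS = ("recentTransactions", "doMoneyTransfer", "viewStatements")


class ActionTokenStore:
    """Tracks (session, token) -> record and whether each token was used."""

    def __init__(self, ttl=TOKEN_TTL_SECONDS, clock=time.time):
        self._ttl = ttl
        self._clock = clock            # injectable so expiry can be simulated
        self._tokens = {}              # (session_id, token) -> record

    def render_page(self, session_id, actions=PAGE_ACTIONS):
        """Called on every page render: supersede the session's unused tokens
        (a stale tab's links then fail) and issue fresh ones per action."""
        for (sid, _), rec in self._tokens.items():
            if sid == session_id and not rec["used"]:
                rec["superseded"] = True
        issued = {}
        for action in actions:
            token = secrets.token_hex(16)          # 128 bits, unguessable
            self._tokens[(session_id, token)] = {
                "action": action, "issued_at": self._clock(),
                "used": False, "superseded": False,
            }
            issued[action] = token
        return issued

    def consume(self, session_id, action, token):
        """Validate and burn a token. Returns (ok, reason)."""
        rec = self._tokens.get((session_id, token))
        if rec is None:
            return False, "unknown token"          # cross-site POST cannot know it
        if rec["used"]:
            return False, "token already used"     # back button + resubmit
        if rec["superseded"]:
            return False, "token superseded"       # link from a stale tab
        if self._clock() - rec["issued_at"] > self._ttl:
            return False, "token expired"
        if rec["action"] != action:
            return False, "token not valid for this action"
        rec["used"] = True
        return True, "ok"


def render_form(action, token, label):
    """Emit the hidden-field form shown in the answer for one action."""
    return (
        '<form method="post" action="https://www.example.com/securebankpage">\n'
        f'    <input type="hidden" name="action" value="{html.escape(action)}" />\n'
        f'    <input type="hidden" name="token" value="{html.escape(token)}" />\n'
        f'    <input type="submit" value="{html.escape(label)}" />\n'
        "</form>"
    )


def handle_post(store, session_id, form):
    """The single URL handler every page posts to, as in the answer's design."""
    ok, reason = store.consume(session_id, form.get("action", ""), form.get("token", ""))
    if not ok:
        return {"status": 400, "body": f"request rejected: {reason}"}
    return {"status": 200, "body": f"performed {form['action']}"}


def demo():
    """Walk through the cases the answer discusses; returns status per case."""
    clock = [1_000_000.0]                          # simulated server time
    store = ActionTokenStore(clock=lambda: clock[0])
    session = "sess-A"                             # constructed session id
    page = store.render_page(session)
    results = {}
    form = {"action": "doMoneyTransfer", "token": page["doMoneyTransfer"]}
    results["first_submit"] = handle_post(store, session, form)["status"]
    results["back_and_resubmit"] = handle_post(store, session, form)["status"]
    forged = {"action": "doMoneyTransfer", "token": "0000"}   # token unknown
    results["post_without_valid_token"] = handle_post(store, session, forged)["status"]
    wrong = {"action": "doMoneyTransfer", "token": page["recentTransactions"]}
    results["wrong_action"] = handle_post(store, session, wrong)["status"]
    stale = page["viewStatements"]
    page2 = store.render_page(session)             # user navigated on; old tab is stale
    results["stale_tab"] = handle_post(store, session, {"action": "viewStatements", "token": stale})["status"]
    clock[0] += TOKEN_TTL_SECONDS + 1              # wait past the 15-minute window
    fresh = {"action": "viewStatements", "token": page2["viewStatements"]}
    results["expired"] = handle_post(store, session, fresh)["status"]
    return results


if __name__ == "__main__":
    for case, status in demo().items():
        print(f"{case:24s} -> HTTP {status}")
```

Only the first submission succeeds; the resubmitted form, a cross-site POST carrying no valid token, a token bound to a different action, a link from a superseded tab and a token older than the TTL are all rejected with a distinct reason, which is the property the answer's single-path design relies on.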
