检查引荐来源网址是否足以抵御CSRF攻击? [英] Is checking the referrer enough to protect against a CSRF attack?
本文介绍了检查引荐来源网址是否足以抵御CSRF攻击?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
检查引荐来源网址是否足以防止跨站点请求伪造攻击?我知道引荐来源网址可以被欺骗,但是攻击者是否可以为客户端执行此操作?我知道令牌是常态,但这行得通吗?
Is checking the referrer enough to protect against a cross site request forgery attack? I know the referrer can be spoofed, but is there any way for the attacker to do that FOR the client? I know tokens are the norm, but would this work?
推荐答案
在其他情况下,使用引荐来源网址对用户无效其浏览器(或公司代理)不发送引荐来源网址。
Among other things, using the referrer won't work for users whose browsers (or corporate proxies) don't send referrers.
这篇关于检查引荐来源网址是否足以抵御CSRF攻击?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
