没有CSRF令牌的表格:存在哪些风险 [英] Form without CSRF token: what are the risks
问题描述
如果我在表单中不使用csrf令牌,暴露给我的风险到底是什么?我并不是要寻找简单的风险标签或名称,因为它们可能会造成混淆。我需要了解攻击者确切可以做什么,并且仅在简单的英语情况下才能做到。
What exactly are the risks I'm exposing myself to if I don't use csrf tokens in my forms? I'm not looking for simple labels or names of the risks, because these can be confusing. I need to understand what exactly an attacker can do and only under what circumstances they can do this, in plain English.
推荐答案
A CSRF漏洞是一种使恶意用户(或网站)使毫无戒心的用户对您的网站执行他们不希望发生的操作的一个漏洞。
A CSRF vulnerability is one which allows a malicious user (or website) to make an unsuspecting user perform an action on your site which they didn't want to happen.
有些真实例如,如果您允许用户通过GET而不是POST删除帐户,则有人可以在您的网站上发布以下评论(假设该网站可以发表评论或其他输入内容,等等)
Some real world examples would be things like if you allowed a user to delete an account over GET instead of POST, someone could post the following comment on your site (assuming the site has some way to post comments or other input, etc.)
我想我会对您的网站发表评论。看看这个很酷的图片!
< img src ='http://example.com/delete_my_account.php />
I thought I'd make a comment on your site. Check out this cool image!
<img src='http://example.com/delete_my_account.php" />
现在登录的用户每次加载该页面时,其帐户都会被删除,如果该操作是通过POST而不是GET完成的,则有人可以制作表格并诱使用户提交该表格并获得相同的结果
And now any time a logged in user loads that page, their account would be deleted. If it was done over POST instead of GET, someone could craft a form and trick users into submitting it and the same result would happen. Whereas if you used a CSRF token, this wouldn't be possible.
另一个例子是,外部站点可以设计一种形式来向您的站点发布POST。 ,并执行不良操作。因此,假设您的网站上有一个不使用CSRF令牌的购物车,一个恶意网站可能会创建一个带有点击此处注册按钮的表格,但实际上是从如果您网站上的登录用户访问了该恶意网站并单击该按钮,他们将在邮件中得到一个惊喜。
Another example would be that an external site could craft a form which POSTs to your site, and perform an undesirable action. So let's say your site has a shopping cart which doesn't use CSRF tokens. A malicious site could create a form with a button that says "Click here to register", but actually orders 1000 of something from your site. If a logged in user from your site visits this malicious site and clicks the button, they'll get a nice surprise in the mail.
显然还有其他情况,这些只是几个例子。应该显示大量的文章和教程,其中许多可能还会有其他示例。 Wikipedia页面还提供了一些您可能会感兴趣的示例。
Obviously there are other cases, these are just a few examples. A Google search should show up plenty of articles and tutorials, many of which will probably have some other examples. The Wikipedia page also has some examples which you might find interesting.
示例的主要思想是,某人可以诱骗您的网站执行操作,就好像该操作来自用户一样,而实际上该用户并不知道该操作正在发生或没有发生。不想它发生。如果您在网站上采取了任何具有破坏性的操作(即可以从用户帐户中删除内容,注销用户等)或严重的操作(即处理金钱),则应该使用CSRF令牌。如果您的站点只是朋友的相册,等等,那么您可能无需理会CSRF令牌(尽管在构建需要它们的站点时练习总是很有益的。)
The main idea of the examples is that someone can trick your site into performing an action as if it came from a user, when really the user wasn't aware it was happening or didn't want it to happen. If you have any sort of action on your site which is destructive (i.e. can delete things from a user account, logout a user, etc.) or critical (i.e. deals with money) you should probably use CSRF tokens. If your site is just a photo album for friends, etc. then you probably don't need to bother with CSRF tokens (although it's always good to practice for when you do build a site that needs them).
除非您添加令牌以确保请求来自您的网站有意呈现给用户的表单,否则您实际上无法知道用户是否打算执行该操作。
Unless you add a token to ensure that a request came from a form your site presented to the user intentionally, you don't really have a way of knowing if the user intended to perform the action.
因此,您始终想在生成POST的每种表单上使用唯一的令牌,并验证发布到您站点的所有请求都具有当前用户的有效令牌。另外,请确保在一段时间后使令牌过期,以免它们永远存在。
So you always want to use a unique token on every form you generate that POSTs and validate any requests that are POSTed to your site have a valid token for the current user. Also make sure to expire the tokens after some amount of time so that they don't last forever.
这篇关于没有CSRF令牌的表格:存在哪些风险的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
