
What is cross-site request forgery?

The answer to this question is:
Cross-site request forgery (CSRF or XSRF) is a method of attacking a Web site in which an intruder masquerades as a legitimate and trusted user. An XSRF attack can be used to modify firewall settings, post unauthorized data to a forum or conduct fraudulent financial transactions. A compromised user may never know that such an attack took place. If the user does discover an attack, it may only be after the damage has been done, and a remedy may be impossible.

An XSRF attack can be executed by stealing the identity of an existing user and then hacking into a Web server using that identity. An attacker can also deceive a legitimate user into unwittingly sending Hypertext Transfer Protocol (HTTP) requests that return sensitive user data to the intruder.

An XSRF attack is functionally the opposite of a cross-site scripting (XSS) attack, in which a hacker inserts malicious code into a link on a Web site that appears to come from a trustworthy source. When a user clicks on the link, the embedded programming is submitted as part of the client's Web request and can execute on the user's computer.

An XSRF attack also differs from cross-site tracing (XST), a sophisticated form of XSS that allows an intruder to obtain cookies and other authentication data using simple client-side script. In XSS and XST, the end user is the main target of the attack. In XSRF, the Web server is the primary target, although collateral damage is often done to end users.

XSRF attacks are more difficult to defend against than XSS or XST attacks. In part, this is because XSRF attacks are less common and have not received as much attention. Another problem is that it can be difficult to determine whether or not an HTTP request from a particular user is actually intended by that user. Although strict precautions can be used to verify the identity of a user who tries to access a Web site, users do not tolerate frequent requests for authentication. The use of cryptographic tokens can provide frequent authentication in the background, so that the user is not constantly pestered by requests for authentication.
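
The background token check described above, as an added example that is not part of the original page: the server issues an HMAC-signed token bound to the user's session and requires it on every state-changing request, so a forged cross-site request that carries only the session cookie is rejected. The names `SERVER_KEY`, `TOKEN_LIFETIME`, `issue_token`, `verify_token` and `handle_request`, and the session identifiers, are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret known only to the server
TOKEN_LIFETIME = 3600                 # assumption: tokens stay valid for one hour


def _mac(session_id, ts, nonce):
    # Bind the token to one session so it cannot be replayed in another.
    msg = "|".join((session_id, ts, nonce)).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id, now=None):
    """Return 'timestamp.nonce.mac'; embedded in forms the server renders."""
    ts = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(16)
    return f"{ts}.{nonce}.{_mac(session_id, ts, nonce)}"


def verify_token(session_id, token, now=None):
    """True only for an unexpired, untampered token issued to this session."""
    try:
        ts, nonce, mac = token.split(".")
        issued = int(ts)
    except (ValueError, AttributeError):
        return False  # missing or malformed token
    now = time.time() if now is None else now
    if not 0 <= now - issued <= TOKEN_LIFETIME:
        return False  # expired, or timestamp in the future
    expected = _mac(session_id, ts, nonce)
    # Constant-time comparison avoids leaking the MAC through timing.
    return hmac.compare_digest(expected.encode(), mac.encode())


def handle_request(method, session_id, submitted_token):
    """Return an HTTP status: reads pass, state changes need a valid token."""
    if method in ("GET", "HEAD", "OPTIONS"):
        return 200
    # The browser attaches the session cookie automatically, but a page on
    # another site cannot read the token, so a forged request fails here.
    return 200 if verify_token(session_id, submitted_token) else 403
```

Because the token travels in the form or a request header rather than in a cookie, the user is never prompted to re-authenticate.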