Fixed some duplicate words in the English version.
This commit is contained in:
Kelvin Salton do Prado
@@ -21,7 +21,7 @@ As can be seen from the figure, to complete a CSRF attack, the victim must compl
|
||||
-1. Log into trusted site A, and store a local Cookie.
|
||||
-2. Without going through existing site A, access the dangerous link to site B.
|
||||
|
||||
As a reader you may be asking: "If I do not meet the above two conditions, I will will not be subjected to CSRF attacks." Yes this is true, however you cannot guarantee that the following does not occur:
|
||||
As a reader you may be asking: "If I do not meet the above two conditions, I will not be subjected to CSRF attacks." Yes this is true, however you cannot guarantee that the following does not occur:
|
||||
|
||||
- You cannot guarantee that when you are logged into a site, the site didn't launch any hidden tabs.
|
||||
- You cannot guarantee that when you close your browser, your cookies will immediately expire and your last session will have ended.
|
||||
@@ -37,7 +37,7 @@ You might be a little scared after reading the section above. But fear is a good
|
||||
|
||||
Preventative measures against CSRF attacks can be taken on both the server and client sides of a web application. However, CSRF attacks are most effectively thwarted on the server side.
|
||||
|
||||
There are many ways of preventing CSRF attacks on the server side. Most approaches stem from from the following two aspects:
|
||||
There are many ways of preventing CSRF attacks on the server side. Most approaches stem from the following two aspects:
|
||||
|
||||
1. Maintaining proper use of GET, POST and cookies.
|
||||
2. Including a pseudo-random number with non-GET requests.
|
||||
|
||||
Reference in New Issue
Block a user