[英]Using SSL and AntiForgeryToken
I am developing a website which forces the user to use HTTPS. 我正在开发一个网站,该网站强迫用户使用HTTPS。 Do I need to worry about also using the Html.AnitForgeryToken helper?
我是否需要担心还使用Html.AnitForgeryToken帮助器?
HTTPS is used to protect the transport of the data only. HTTPS仅用于保护数据传输。 The AntiForgeryToken is used to prevent CSRF attacks .
AntiForgeryToken用于防止CSRF攻击 。 CSRF attacks are possible with and without HTTPS, which means you still need this protection even if you use HTTPS.
使用HTTPS和不使用HTTPS都可能发生CSRF攻击,这意味着即使使用HTTPS,您仍然需要此保护。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.