stackoom
  简体   繁体   中英

avoid cross site scripting via httpmodules for use in asp.net mvc2

 原文  2011-07-25 06:00:31       c#/ asp.net-mvc-2/ csrf

Question

Is there a better way other than the Anti Forgery Token like built-in functionalities in asp.net mvc2. I would like to code my own http module to avoid CSRF.

Also to my understanding the Antiforgerytoken does not generate any cookies. Is the "double-submitted cookie" a good method?

Any best practices or suggestions.

--edit : This link is useful: Stackoverflow previous question

1 answers

solution1
 1  2011-08-02 14:12:39

This library looks similar to what you are writing. http://anticsrf.codeplex.com/ It uses a cookie for a token. I've used it and it helped my project pass a security review.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question ASP.Net MVC2 Securing the site via tokens and whatnot ValidateInput Cross Site Scripting Prevention not working Asp.net MVC Correct way to remove/disable HttpModules from ASP.NET MVC 3 site How to handle cross site scripting in ASP.NET Core Cross Site Scripting & filter request asp.net Prevent Cross site scripting attack in asp.net C# ASP.NET EnableViewStateMac cross-site scripting Asp.Net MVC2 Error in view Asp.net MVC2 - Multiple databases ASP.Net MVC2 DropDownListFor
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM