开发者

avoid cross site scripting via httpmodules for use in asp.net mvc2

开发者 https://www.devze.com 2023-03-22 11:24 出处:网络
Is there a better way other than the Anti Forgery Token like built-in functionalities in asp.net mvc2. I would like to code my own http module to avoid CSRF.

Is there a better way other than the Anti Forgery Token like built-in functionalities in asp.net mvc2. I would like to code my own http module to avoid CSRF.

Also to my understanding the Anti开发者_运维知识库forgerytoken does not generate any cookies. Is the "double-submitted cookie" a good method?

Any best practices or suggestions.

--edit : This link is useful: Stackoverflow previous question


This library looks similar to what you are writing. http://anticsrf.codeplex.com/ It uses a cookie for a token. I've used it and it helped my project pass a security review.

0

精彩评论

暂无评论...
验证码 换一张
取 消