Examples of using Csrf in English and their translations into Chinese
What does CSRF do?
CSRF: Attack and Defense.
What is a CSRF attack?
There are two settings related to secure cookies: SESSION_COOKIE_SECURE and CSRF_COOKIE_SECURE.
Why is it common to put CSRF prevention tokens in cookies?
I had access to boarding's source code, so technically I could solve the problem by disabling the CSRF protection.
As can be seen from the figure, to complete a CSRF attack, the victim must complete the following two steps:
Nevertheless, CSRF attacks are still a threat and it is important that you protect your website or app from them.
Using XSS to bypass CSRF protection.
CSRF is a type of attack in which actions are performed on a web app where the victim is logged in, without the victim's knowledge.
Be very careful with marking views with the csrf_exempt decorator unless it is absolutely necessary.
CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request.
Luke has contributed many excellent improvements to Django, including database-level improvements, the CSRF middleware and many unit tests.
These middleware handle reading and writing the HTTP session, determine if the application is in maintenance mode, verify the CSRF token, and more.
XSS attacks exploit the trust a user has for a web site, while CSRF attacks exploit the trust a web site has for its users.
This article introduces the CSRF (cross-site request forgery) vulnerability and demonstrates how to prepare a CSRF proof of concept with OWASP ZAP.
First of all, it's worth mentioning that the GLiweb server did not have CSRF protection mechanisms in place at all.
The expert pointed out that the CSRF attack worked even when the user was authenticated in cPanel and phpMyAdmin was closed after use.
For this reason, you should set your SESSION_COOKIE_SECURE and CSRF_COOKIE_SECURE settings to True.
One of the most frequent approaches is to solve a task of classification where classes are something like "benign requests, SQL injections, XSS, CSRF, etc.".
Let's assume that bank X's money transfer form is vulnerable to CSRF (no CSRF token, no authorization password).
To mitigate the risks of REST API exposure and CSRF attacks, there's a need to control the requests, limiting their format.
This is in stark contrast to the results in my (and others') security contract work - CSRF is an important security issue.
There was only one problem: the boarding form had CSRF protection, which meant it expected a unique token to be included in every request.
Php file contains routes that the RouteServiceProvider places in the web middleware group, which provides session state, CSRF protection, and cookie encryption.
To get the token, have a look at the `<meta name='csrf-token' content='THE-TOKEN'>` tag printed by `<%= csrf_meta_tags %>` in your application view.
Incidentally, the second cookie is an anti-forgery token to prevent CSRF attacks and has nothing to do with our authenticated state.
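A worked example, added here and not taken from any of the sentences or sources quoted above, that ties together the "bank X" transfer form with no CSRF token, the auto-submitting proof of concept a tool like ZAP produces, and the server-side token check that defeats it. The `https://bank.example/transfer` endpoint, the request and session dictionaries, and the `handle_transfer` handler are constructed for illustration; no framework's real API is used.

```python
import hmac
import secrets
from html import escape
from typing import Optional

# Constructed example endpoint standing in for "bank X"; the host is hypothetical.
TRANSFER_URL = "https://bank.example/transfer"


def csrf_poc_html(action_url: str, fields: dict) -> str:
    """Attacker side: an auto-submitting HTML page (the kind of proof of concept
    ZAP generates). When the logged-in victim loads it, the browser sends the POST
    with the bank's session cookie attached. The attacker never sees the
    response, which is why CSRF targets state changes rather than data theft."""
    inputs = "".join(
        f'<input type="hidden" name="{escape(k, quote=True)}" '
        f'value="{escape(str(v), quote=True)}">'
        for k, v in fields.items()
    )
    return (
        "<html><body>"
        f'<form id="f" method="POST" action="{escape(action_url, quote=True)}">'
        f"{inputs}</form>"
        "<script>document.getElementById('f').submit();</script>"
        "</body></html>"
    )


def issue_csrf_token() -> str:
    """Server side: mint a per-session token. It lives in the session (or in a
    cookie the browser attaches automatically) and is echoed into each form
    and the <meta name="csrf-token"> tag, where only same-origin script can read it."""
    return secrets.token_urlsafe(32)


def csrf_check_ok(method: str, session_token: Optional[str],
                  submitted_token: Optional[str]) -> bool:
    """Server side: safe methods pass unchecked (they must not change state);
    unsafe methods must carry a token, in the body or a header, equal to the
    session's token. Constant-time comparison avoids a timing oracle."""
    if method.upper() in ("GET", "HEAD", "OPTIONS", "TRACE"):
        return True
    if not session_token or not submitted_token:
        return False
    return hmac.compare_digest(session_token, submitted_token)


def handle_transfer(request: dict, session: dict, csrf_protected: bool) -> str:
    """Minimal transfer endpoint (constructed). request = {"method", "form"},
    session = {"csrf"}. With csrf_protected=False it behaves like bank X's
    unprotected form; with True it rejects requests lacking a valid token."""
    form = request["form"]
    if csrf_protected and not csrf_check_ok(
        request["method"], session.get("csrf"), form.get("csrf_token")
    ):
        return "403 missing or invalid CSRF token"
    return f"200 transferred {form['amount']} to {form['to']}"


if __name__ == "__main__":
    session = {"csrf": issue_csrf_token()}
    # Constructed forged request: the browser supplied the victim's session,
    # but the attacker's page could not read the token, so the form lacks it.
    forged = {"method": "POST", "form": {"to": "attacker", "amount": "1000"}}
    print(csrf_poc_html(TRANSFER_URL, forged["form"]))
    print(handle_transfer(forged, session, csrf_protected=False))
    print(handle_transfer(forged, session, csrf_protected=True))
    legit = {"method": "POST",
             "form": {"to": "rent", "amount": "500", "csrf_token": session["csrf"]}}
    print(handle_transfer(legit, session, csrf_protected=True))
```

The check holds because a cross-site page can make the browser send the session cookie but cannot read anything from the bank's origin, so it cannot learn the token. That is also why storing the token in a cookie (the second cookie mentioned above) works: the server compares the cookie's value with the copy the page submits, and a foreign origin can trigger the cookie but not copy it into the form. The same reasoning shows the limit: script injected by XSS runs in the bank's origin, can read the meta tag or the cookie, and so bypasses this protection.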