Anti forgery token on login page

执念已碎 2020-12-14 02:56

I have implemented an antiforgery token on my login page.

Now I had one user pressing the back key on the keyboard, and when they click on the login button again after filling

4 answers
  •  暗喜 (original poster)
    2020-12-14 03:10

    Don't implement the ASP.NET AntiForgeryToken on your login page. The token is based on a username among other criteria, and a login page assumes the attacker already has credentials to a system in order to be able to exploit CSRF on that page.

    However, you should use some form of CSRF protection on your login page - see https://security.stackexchange.com/a/2126/51772
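
A framework-neutral sketch of the behaviour discussed above, added here as an example (it is not code from the post or from ASP.NET; the function names, the token layout and the "logged in, then pressed Back" scenario are assumptions). It compares a form token bound to the current username with a login-form token bound only to a random pre-session cookie, and checks both against a cached form and a cross-site submission.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed demo key; a real app loads a persistent secret


def _mac(*parts: str) -> str:
    # Length-prefix every part so ("ab", "c") and ("a", "bc") give different MACs.
    msg = b"".join(len(p.encode()).to_bytes(4, "big") + p.encode() for p in parts)
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_identity_bound(cookie_nonce: str, username: str) -> str:
    """Form token tied to the cookie nonce and the current user ("" = anonymous)."""
    return _mac("identity", cookie_nonce, username)


def check_identity_bound(cookie_nonce: str, username: str, form_token: str) -> bool:
    return hmac.compare_digest(issue_identity_bound(cookie_nonce, username), form_token)


def issue_presession(cookie_nonce: str) -> str:
    """Login-form token tied only to a random cookie set before authentication."""
    return _mac("login", cookie_nonce)


def check_presession(cookie_nonce: str, form_token: str) -> bool:
    return hmac.compare_digest(issue_presession(cookie_nonce), form_token)


def back_button_scenario() -> dict:
    nonce = secrets.token_urlsafe(16)               # victim browser's anti-CSRF cookie
    cached_bound = issue_identity_bound(nonce, "")  # form rendered while anonymous
    cached_pre = issue_presession(nonce)
    current_user = "alice"                          # constructed: user logged in, then pressed Back
    # A cross-site page can obtain a token for its own cookie, not for the victim's.
    foreign_token = issue_presession(secrets.token_urlsafe(16))
    return {
        "identity_bound_after_back": check_identity_bound(nonce, current_user, cached_bound),
        "presession_after_back": check_presession(nonce, cached_pre),
        "presession_cross_site": check_presession(nonce, foreign_token),
    }


if __name__ == "__main__":
    for name, accepted in back_button_scenario().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```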
