csrf

Some variants use CSRF to pre-load data in forms , some don 't.

一些变种使用CSRF预先加载数据到表单，有些则没有。

In a CSRF attack , your users can easily become unsuspecting accomplices .

在CSRF攻击中，您的用户可以轻易地成为预料不到的帮凶。

If you know nothing about XSS or CSRF , take the time to learn more about these security vulnerabilities .

如果你知道什么的XSS或CSRF的，花时间去学习更多的有关这些安全漏洞。

In CSRF attacks , unauthorized commands are transmitted from a user that the Web site trusts .

在CSRF攻击中，从Web站点信任的用户处传播未经授权的命令。

A mashup application or page must address CSRF , Ajax vulnerabilities , XSS , and other potential security weaknesses .

mashup应用程序或页面必须解决CSRF、Ajax漏洞、XSS和其他潜在的安全漏洞。

Finally , make sure your PHP code is resilient to XSS attacks , form spoofs , and CSRF attacks .

最后，确保PHP代码可以抵抗XSS攻击、表单欺骗和CSRF攻击。

One technique intruders use to initiate a CSRF attack is to embed a URL within the src attribute of an tag .

入侵者发动CSRF攻击所使用的一种技术是将一个URL嵌入到标记的src属性中。

To guard yourself against CSRF , use the one-use token approach you use in your habit of verifying form posts .

为了保护您免受CSRF攻击，需要使用在检验表单post时使用的一次性标记方法。

Every edit operation must be accompanied by a token , which ensures the validity of the user request and protects against CSRF attacks .

每个编辑操作必须伴有一个令牌，这可确保用户请求的有效性，并抵御CSRF攻击。

As CSRF didn 't fit the requirements for clickjacking , we had to come up with a new term to avoid confusion .

由于CSRF不适合点击劫持的要求，我们不得不想出一个新名词，以避免混乱。

Cross-Site Request Forgeries ( CSRF attacks ) are exploits that take advantage of user privileges to carry out an attack .

跨站点请求伪造（CSRF攻击）是利用用户权限执行攻击的结果。

The server will assume that any requests that lack the correct value in the Request-Token header are CSRF attack attempts and will reject them .

服务器将假设Request-Token头部中缺乏正确的值的任何请求都是CSRF攻击企图并将拒绝它们。

CSRF ( Cross Site Request Fogery ) allows attackers to bypass cookie based authentication . I blogged about it a while ago .

一个是CSRF（CrossSiteRequestForgery，跨站点伪造请求攻击），它允许攻击者绕过基于cookie的身份认证，前些天我曾在Blog上介绍过这种攻击。

You can typically prevent CSRF attacks by requiring that a unique token or cookie be passed with every request , which can be done with Dojo .

您通常可以通过要求每个请求在发送时传递一个惟一的令牌或cookie来阻止CSRF攻击，这可以通过Dojo来完成。

With DWR we use full JavaScript which is as vulnerable as JSON , however DWR 's CSRF protection automatically uses the doubly-submitted cookie pattern to provide extra safety .

有了DWR，虽然我们使用的是纯JavaScript它与JSON一样脆弱，但是DWR的CSRF保护能自动使用双重提交cookie模式来提供额外的保护。

The browser 's same-origin policy does not prevent CSRF attacks because the attack requests are transmitted to the same origin in proxy for the intruding third-party site .

浏览器的同源策略无法阻止CSRF攻击，因为攻击请求被传输到第三方入侵站点的代理中相同的源。

In addition to handling traditional threats , a mashup application or web page must address such issues as cross-site scripting ( XSS ) and cross-site request forgery ( CSRF ), among others .

除了处理传统威胁外，混搭应用程序或web页面必须解决跨站点脚本编写（XSS）和跨站点请求伪造（CSRF）等问题。

You can prevent this type of CSRF attack if the server at mybank avoids the use of HTTP GET requests to initiate changes and , instead , uses only POST requests to initiate changes .

如果mybank的服务器避免使用HTTPGET请求来发起更改，而是只使用POST来发起更改，那么您可以阻止这种类型的DSRF攻击。