libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Update topics/threat/csrf.adoc

Browse source
This commit is contained in:
Stian Thorgersen 2016-06-13 08:39:23 +02:00
parent 480f3aeb4a
commit 6ee7184f92
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
topics/threat/csrf.adoc
View file

@ -2,7 +2,7 @@
=== CSRF Attacks
Cross-site request forgery (CSRF) is a web-based attack whereby HTTP requests are transmitted from a user that the
web site trusts or has authenticated with(e.g., via HTTP redirects or HTML forms). Any site that uses cookie based authentication is vulnerable to these types of attacks.
web site trusts or has authenticated with(e.g. via HTTP redirects or HTML forms). Any site that uses cookie based authentication is vulnerable to these types of attacks.
These attacks are mitigated by matching a state cookie against a posted form or query parameter.
The OAuth 2.0 login specification requires that a state cookie be used and matched against a transmitted state parameter.