Join the social network of Tech Nerds, increase skill rank, get work, manage projects...
 
  • Cross-Site Request Forgery in Rails

    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 476
    Comment on it

    What is CSRF in rails?

    CSRF means Cross-Site Request Forgery. It is an attack where an attacker will submit a form on our behalf to a different website , causing damage to the website or revealing the sensitive information from the website.On a request the browser automatically includes cookies for a domain , if we are currently logged in to the target site , the request from the attacker will appear to come from us as a logged-in user.(as we sent the session cookie with the POST request)

     

    How Rails help us to protect against it?

    Rails helps us to protect against CSRF attack by making us add  protect_from_forgery in our ApplicationController. It will then require CSRF token to be present before accepting any Post , Put or Delete request. Rails form builder automatically include CSRF token as a hidden field in every form. CSRF token is also included as a header in the GET requests so that non-form based mechanisms can use it for sending a POST request. Attackers are unable to steal the CSRF token from the browsers because of the "same origin" policy of the browsers.

 0 Comment(s)

Sign In
                           OR                           
                           OR                           
Register

Sign up using

                           OR                           
Forgot Password
Fill out the form below and instructions to reset your password will be emailed to you:
Reset Password
Fill out the form below and reset your password: