The present invention relates generally to computer security, and more particularly, to preventing Cross-Site Request Forgery (CSRF) security attacks on a server.
Security attacks on networked computers are a major concern for both business enterprises and individual users, as their computers increasingly use public networks such as the Internet to access data servers. When a client computer requests data from a server over the Internet, an attacking computer might obtain information about the client computer and its user if there are security exposures in the networks or in the client and server computers. Using the illegitimately obtained data, the attacker may submit a forged request, on the client's behalf, to the same server with which the client is communicating, without the client or user being aware of it. The server receives and processes the forged request and returns the requested data as normal, because it cannot tell that the request was forged rather than intended by the user. Such a server-side security attack is referred to as a Cross-Site Request Forgery (CSRF) attack.
A Cross-Site Request Forgery attack might be sent through inline objects such as iframes and images in JavaScript® programs that automatically send data requests or post forms to the server. (“JavaScript” and “Java” are registered trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.) The attack could cause serious damage to both the server and the client, depending on the intent of the attacker. The server is unable to distinguish a forged request sent by the attacker from a legitimate one intended by the user, and would proceed to act on the forged request, such as withdrawing funds from the user's bank account. The forged request might also direct the server to modify the server's data, which in turn affects other users who access the same server.
A possible solution for minimizing Cross-Site Request Forgery (CSRF) attacks is to make a client request non-predictable by introducing a random value into the vulnerable link or form action and expecting to see that same value when the request is submitted. This makes the request impossible for the attacker to predict and, as a result, minimizes the chance of attacks. However, this solution requires the relevant application code to be changed and is costly to implement, especially when dealing with legacy or third-party applications, or when the application code is unavailable or difficult to modify.
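The random-value approach described above, shown as an added illustrative example that is not part of the patent text or the invention it describes. It assumes a hypothetical in-memory session store, a `protect_action` helper that appends a per-session token to a form action or link, and an `is_request_authentic` check the server runs before acting on the submitted request; the parameter name `csrf_token` is an assumption.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical in-memory session store: session id -> unpredictable token.
# A real deployment would keep this in the server-side session.
_session_tokens: dict[str, str] = {}


def issue_token(session_id: str) -> str:
    """Create (or reuse) the random value bound to this user's session."""
    token = _session_tokens.get(session_id)
    if token is None:
        # 32 bytes from the OS CSPRNG; an attacker cannot guess this value.
        token = secrets.token_urlsafe(32)
        _session_tokens[session_id] = token
    return token


def protect_action(session_id: str, action_url: str) -> str:
    """Rewrite a vulnerable link or form action so it carries the token."""
    token = issue_token(session_id)
    separator = "&" if "?" in action_url else "?"
    return f"{action_url}{separator}{urlencode({'csrf_token': token})}"


def is_request_authentic(session_id: str, request_url: str) -> bool:
    """Server-side check: the submitted request must echo the session's token.

    A forged request built by a third party has no way to know the token,
    so it is rejected before the server acts on it.
    """
    expected = _session_tokens.get(session_id)
    if expected is None:
        return False  # no token was ever issued for this session
    query = parse_qs(urlparse(request_url).query)
    presented = query.get("csrf_token", [""])[0]
    # Constant-time comparison so the check does not leak the token via timing.
    return hmac.compare_digest(presented.encode(), expected.encode())
```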