Do I need a captcha for CSRF protection?
Actually, can a bot also supply the CSRF token? Is it possible not to use a captcha if there is CSRF protection?
CSRF is the token you will pass in the response to the request. Therefore, a bot can also receive and use it.
Well, in general, it was not invented for these purposes.
CSRF does not present any obstacles for the bot. For example, I can open a site through PhantomJS and programmatically hit the submit button. All required fields and cookies will be in place.
CSRF protection is needed so that a user who is already logged in to your site cannot have actions performed in the background when visiting a third-party site. I.e., they went to a porn site, and it spammed tweets on the sly, because the user is already logged in on Twitter. To avoid this, they generate a token when the original site is opened and bind it to the user session.
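The point made in the answers above, as an added example that is not from any of the posters: a minimal model of a session-bound CSRF check, showing that a scripted client which loads the form first passes it, while a cross-site request carrying only the victim's cookie is rejected. The function names and the HMAC-over-session-id construction are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed per-process server secret (assumption for this example).
SERVER_KEY = secrets.token_bytes(32)


def new_session() -> str:
    """Session id the server sets as a cookie on first visit."""
    return secrets.token_urlsafe(16)


def issue_csrf_token(session_id: str) -> str:
    """Token bound to the session: HMAC(server key, session id)."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_post(session_cookie: str, form_token) -> str:
    """Accept a state-changing request only if the token matches the session."""
    if not form_token:
        return "rejected"
    expected = issue_csrf_token(session_cookie)
    return "accepted" if hmac.compare_digest(expected, form_token) else "rejected"


def scripted_client() -> str:
    """A bot that requests the form gets its own cookie and matching token."""
    sid = new_session()
    token = issue_csrf_token(sid)  # what the server embeds in the served form
    return handle_post(sid, token)


def cross_site_request(victim_sid: str) -> str:
    """Form on another origin: the browser attaches the victim's cookie,
    but that page cannot read the victim's token, so none is sent."""
    return handle_post(victim_sid, None)


def cross_site_request_foreign_token(victim_sid: str) -> str:
    """Same, but with a token issued for a different session."""
    other_sid = new_session()
    return handle_post(victim_sid, issue_csrf_token(other_sid))


if __name__ == "__main__":
    victim = new_session()
    print("scripted client:        ", scripted_client())
    print("cross-site, no token:   ", cross_site_request(victim))
    print("cross-site, wrong token:", cross_site_request_foreign_token(victim))
```

The check separates requests that originate from the site's own form from requests forged by another origin; it says nothing about whether a human or a script filled in the form, which is the job a captcha or rate limit addresses.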