
Google (finally) adds protection for common Web 2.0 attack

Google has beefed up the security of Gmail and its other services by adding a feature to login pages that blocks one of the more common forms of web attacks. The upgrade is designed to protect against CSRF, or cross-site request forgery, attacks. The technique subverts basic website defenses by exploiting the often-misplaced …

COMMENTS

This topic is closed for new posts.

per page tokens are very annoying

Most websites didn't adopt this measure because it produces tons of false positives. Clicking the back button on your browser, double clicking a button under certain conditions, hitting refresh and so on, will trigger this protection. It's a great thing on banking websites, but very annoying on general purpose websites. Per page tokens should be a last resort measure.


Web 2.0?

What exactly makes CSRF exclusively a 'Web 2.0' vulnerability?


@nickrw

"What exactly makes CSRF exclusively a 'Web 2.0' vulnerability?"

Marketing.


Did this break Gmail?

I haven't had any spam all day. What's happened?


@Graham Dawson

Coffee, keyboard, you know the drill....

Anonymous Coward

@pitagora

"Per page tokens should be a last resort measure."

Personally I only use token-checking against non-idempotent requests. That _seems_ to work ...

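Added example, not part of any comment in this thread and not Google's code: a sketch of the trade-off the commenters discuss, using a per-session token (rather than per-page) that is checked only on requests outside the safe methods. The names `issue_token`, `check_request`, the session ids and the server key are assumptions made up for the illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Methods that must never change state; they are exempt from the token check.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
SERVER_KEY = secrets.token_bytes(32)  # constructed key, generated per run


def issue_token(session_id: str) -> str:
    """Per-session token: stable across pages, so it survives back/refresh."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def check_request(method: str, session_id: str, token: Optional[str]) -> bool:
    """Return True if the request may proceed."""
    if method.upper() in SAFE_METHODS:
        # Only sound if handlers for these methods have no side effects.
        return True
    if not token:
        # A cross-site form sends the session cookie but cannot read the token.
        return False
    expected = issue_token(session_id)
    # Constant-time comparison on bytes avoids leaking a prefix match.
    return hmac.compare_digest(expected.encode(), token.encode())


def demo() -> dict:
    sid = "session-abc123"  # constructed session id
    token = issue_token(sid)
    return {
        "refresh_get": check_request("GET", sid, None),
        "first_post": check_request("POST", sid, token),
        # Same token resubmitted: no false positive, unlike a one-shot page token.
        "double_click_post": check_request("POST", sid, token),
        "forged_post_no_token": check_request("POST", sid, None),
        "forged_post_wrong_token": check_request(
            "POST", sid, issue_token("session-other")
        ),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allowed' if allowed else 'rejected'}")
```

Because the token is bound to the session and not to a page view, it does not stop a duplicate submission; that needs a separate idempotency check on the server.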