Google (finally) adds protection for common Web 2.0 attack

Google has beefed up the security of Gmail and its other services by adding a feature to login pages that blocks one of the more common forms of web attacks. The upgrade is designed to protect against CSRF, or cross-site request forgery, attacks. The technique subverts basic website defenses by exploiting the often-misplaced …

COMMENTS

This topic is closed for new posts.
  1. pitagora

    per page tokens are very annoying

    Most websites didn't adopt this measure because it produces tons of false positives. Clicking the back button on your browser, double clicking a button under certain conditions, hitting refresh and so on, will trigger this protection. It's a great thing on banking websites, but very annoying on general purpose websites. Per page tokens should be a last resort measure.

  2. nickrw
    WTF?

    Web 2.0?

    What exactly makes CSRF exclusively a 'Web 2.0' vulnerability?

  3. Graham Dawson Silver badge

    @nickrw

    "What exactly makes CSRF exclusively a 'Web 2.0' vulnerability?"

    Marketing.

  4. Kevin Roche
    Happy

    Did this break Gmail?

    I haven't had any spam all day. What's happened?

  5. TeeCee Gold badge
    Coffee/keyboard

    @Graham Dawson

    Coffee, keyboard, you know the drill....

  6. Anonymous Coward
    Anonymous Coward

    @pitagora

    "Per page tokens should be a last resort measure."

    Personally I only use token-checking against non-idempotent requests. That _seems_ to work ...
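
The two token schemes discussed in comments 1 and 6, side by side, as an added example that is not code from the article, from Google or from any commenter: a single-use per-page token against a session-bound token checked only on state-changing requests. The class names, the `replay` helper, the session id and the choice of GET/HEAD/OPTIONS as the exempt methods are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: "non-idempotent" is modelled as any method outside this set.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

class PerPageToken:
    """One single-use token per session, replaced on every page render."""
    def __init__(self):
        self.current = {}  # session id -> the only token still valid

    def issue(self, sid):
        self.current[sid] = secrets.token_urlsafe(16)
        return self.current[sid]

    def check(self, sid, method, token):
        if method in SAFE_METHODS:
            return True
        expected = self.current.pop(sid, None)  # consumed on first use
        return (expected is not None and token is not None
                and hmac.compare_digest(expected.encode(), token.encode()))

class SessionToken:
    """Token derived from the session id; stable for the whole session."""
    def __init__(self):
        self.key = secrets.token_bytes(32)  # server-side secret

    def issue(self, sid):
        return hmac.new(self.key, sid.encode(), hashlib.sha256).hexdigest()

    def check(self, sid, method, token):
        if method in SAFE_METHODS:
            return True
        return token is not None and hmac.compare_digest(
            self.issue(sid).encode(), token.encode())

def replay(scheme, sid="constructed-session-1"):
    """Constructed browsing sequence; returns whether each step is accepted."""
    out = {}
    page_a = scheme.issue(sid)   # form on page A is rendered
    scheme.issue(sid)            # user opens page B, which is rendered later
    out["back_then_submit"] = scheme.check(sid, "POST", page_a)
    fresh = scheme.issue(sid)
    out["first_click"] = scheme.check(sid, "POST", fresh)
    out["double_click"] = scheme.check(sid, "POST", fresh)
    out["forged_no_token"] = scheme.check(sid, "POST", None)
    out["plain_get"] = scheme.check(sid, "GET", None)
    return out
```

Calling `replay(PerPageToken())` and `replay(SessionToken())` shows both schemes rejecting the token-less cross-site POST, while only the per-page scheme also rejects the legitimate back-button and double-click submissions.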


Biting the hand that feeds IT © 1998–2021