??? ??????? ????????????

?????? (?? ??????? : CSRF ) ????????? ???? ??? ??????? ???????????? ? ???? ?? ????? ???????? ?? ???????? ????? ??????? ?? ???? ?????? ???. ?? ????? ???? ??? ??????? ???? ?? ????? ?? CSRF (?? ?? ?? XSRF ?? ???? ??????)? ??????????? Cross-Site Request Forgery ?? ?????????? ?? ??? ?? ????? ?? ??????? ?? ?? ???????? ???? ??? ?? ??????? ???????? ?? ????? ???? ?? ??? ????? ????? ?? ??????????. ^[?] ?? ??? ??? ?? ????? ?????? ?? ?? ?? ????????? ??????? ?? ??? ???? ???????? ?? ????? ?? ??????? ?? ??????? ?? ?? ????????? ??? ?? ????????? ??????? ?? ???? ?? ????????? ?? ????? ???. ???? ????? ??? ?????? ??????? ?? ???? ????????? ??? ? ???? ???????? ??? ???? ???? ????? ?????????? ???? ????? ??????????? ????? ?????? ?? ???? ?????? ??????? ????? ?? ??????? ??????????? ?? ???? ?? ????? ???? ?? ???? ???? ??? ?????? ???? ????? ????? ???? ???? ???? ? ?? ???? ?????? ???????? ???? ?????? ??? ?? ?? ???? ?? ???? ???? ?? ????????? ???? ??????? ?????? ? ?? ????? ??? ????????? ???? ???? ?????????? ??????? ?? ?????? ??? ????? ????????? ??????? ?????? ??. ??? ??? ???? ?? ??????? ???? ???? ????? ?? ?? ??? ??? ???????? ? ?? ????? ???? ????? ??????? ???????? ?????? ??????. ^[?]

???? ???? ???? ?? ??? ??????? ???????????? ???? ????? ???? ???? ???? ? ???? ????? ????????? ???? ????????? ?? ?? ??????? ?????????? ?? ???????? ?????? ?????????? ????? ??? ???? ????? ???? ?? ?????? ???????? ?? ????? ??? ?? ?????? ?????? ??????? ?? ???? ????. ^[?]

???? ????? ???? ????? ?? ???????? ???? ???? ???????? ?? ?? ?? ??? GET ? POST (?? ??????? ?? ??????????? ) ??????? ???. ???? ??? ??????? ?? ????? ??? ??? ????? ??????? ?? ?? ???????? ^{[? ?]} ???? ? ???? ?? ???? ???? ^{[? ?]} (????? ?? ????? ^{[? ?]} ????) ??? ?? ???? ???? ????? ????? ?????? ?? ?? ?????????? ???. ^[?]

???? ??????? ? ???? ????? CSRF ???? ?????? ???? ???? ?? ?????? ????? ??????? ??:

????? ??????? ????? ?? ?????? ??????? ??? ???? ?? ??? ???? ???? ???? ???? ?? ?? ???? ?????? ??? ???? ????.
?? ????? ????? ??? ???? ? ??????? ?????? ??? ????? ????.
??? ???? ?? ??? ??????? ???? ????? ???????? ????? ?????.
?? ???? ?????? ?? ??? ???? ???? ?????.
??????? ? ???????? ????? ?? ?? ??? ??? ??? ?????. ^[?]

????? ?????? ?? ????? ?????? ?????? ??????? ??????? ?? ???? ?? ??? ????? ??????? ?? ?????? ????????? ?? ??????? ?????? ????? ?? ?????? ?????????? ????????? ? ??????? ?? ????? ???? ?????? ?????. ?? ??? ??? ?? ????? ????? ?? ????? ?????? ??? ??????? ????????? ^{[? ?]} ??? ??? ??????? ???? ?????? ??? ??? ???????. ??????????? ?? ???? ?? ??? ??? ?? ????? ??????????? ??????? ?????????? ????? ??????????? ^{[? ?]} ??? ?????. ???????? ????? ????? ??????????? ? ?????? ?? ??? ??? ?? ?? ???? ?? ????? ???? ^{[? ?]} ?? ???? ??????????? ???? ?? ??? ????? ??????? ????? ?????? ??????? ??????? ??? ?? ???? ???? ?? ????? ?? ??????? (????? ??????? ????? ?? ???????? ??????? ??? ???? ?…) ????? ???????. ????? ????? ???? ?? ??? ?????? ??????? ??? (????? ??????????? ????? ????)? ??? ????? ??? ??????????? ?? ???? ??? ???????? ???? ???????? ?? ??????????? ?????? ???. ^[?]

???????? ?????? [ ?????? ]

????????? [ ?????? ]

↑ Token
↑ session
↑ cookie
↑ Standard operating procedure
↑ javascript hijacking
↑ hook

????? [ ?????? ]

↑ ?????? ??????????? ?????? ?????? Gerdab IR | ( ?? ?? ???? ). ≪?????? / ???? CSRF ?????≫ . fa . ?????????? ?? ????-??-?? . ^{^{[
????? ????
]}}
↑ Abhay Bhargav; B. V. Kumar (29 September 2010). Secure Java: For Web Application Development . CRC Press. pp. 97?. ISBN 978-1-4398-2356-9 . Retrieved 17 March 2013 .
↑ Justin Clarke (16 June 2009). SQL Injection Attacks and Defense . Elsevier. pp. 360?. ISBN 978-1-59749-973-6 . Retrieved 17 March 2013 .
↑ Jarkko Laine; Christian Hellsten (9 November 2006). Beginning Ruby on Rails E-Commerce: From Novice to Professional . Apress. pp. 250?. ISBN 978-1-4302-0276-9 . Retrieved 17 March 2013 .
↑ ?????? ??????????? ?????? ?????? Gerdab IR | ( ?? ???? ???? ). ≪?????? / ???? CSRF ?????≫ . fa . ?????????? ?? ????-??-?? . ^{^{[
????? ????
]}}
↑ Zhihong Qian; Lei Cao; Weilian Su (20 January 2012). Recent Advances in Computer Science and Information Engineering . Springer. pp. 560?. ISBN 978-3-642-25789-6 . Retrieved 17 March 2013 .

[4] Token

[5] session

[6] ↑ cookie

[9] Standard operating procedure

[10] vascript hijacking

[11] ↑ hook

[1] ?????? ??????????? ?????? ?????? Gerdab IR | ( ?? ?? ???? ). ≪?????? / ???? CSRF ?????≫ . fa . ?????????? ?? ????-??-?? . ^{^{[
????? ????
]}}

[BhargavKumar2010-2] Abhay Bhargav; B. V. Kumar (29 September 2010). Secure Java: For Web Application Development . CRC Press. pp. 97?. ISBN 978-1-4398-2356-9 . Retrieved 17 March 2013 .

[Clarke2009-3] Justin Clarke (16 June 2009). SQL Injection Attacks and Defense . Elsevier. pp. 360?. ISBN 978-1-59749-973-6 . Retrieved 17 March 2013 .

[LaineHellsten2006-7] Jarkko Laine; Christian Hellsten (9 November 2006). Beginning Ruby on Rails E-Commerce: From Novice to Professional . Apress. pp. 250?. ISBN 978-1-4302-0276-9 . Retrieved 17 March 2013 .

[8] ?????? ??????????? ?????? ?????? Gerdab IR | ( ?? ???? ???? ). ≪?????? / ???? CSRF ?????≫ . fa . ?????????? ?? ????-??-?? . ^{^{[
????? ????
]}}

[QianCao2012-12] Zhihong Qian; Lei Cao; Weilian Su (20 January 2012). Recent Advances in Computer Science and Information Engineering . Springer. pp. 560?. ISBN 978-3-642-25789-6 . Retrieved 17 March 2013 .

[?]

[?]

[?]

[? ?]

[? ?]

[? ?]

[?]

[?]

[? ?]

[? ?]

[? ?]

[?]