Explain CSRF like I'm five.


CSRF (Cross Site Request Forgery) is also known as Sea-Surf or Session Riding. It is a trick that bad folks play on the browser in order to get it to do unexpected things in applications that you're already logged into.

For example, imagine you were logged into your Supercell game on the internet. You get an e-mail saying "Click here to get 500 gems for free!". Clicking on the text will instead initiate a request to Supercell to transfer all your gems to the hacker's account. Along with the request, the browser always sends your cookies to Supercell as well. Supercell checks that the cookies are valid (which they are, because you just logged in!), trusts the browser and the request, and has no way of knowing that this is not what you wanted. It will go ahead and execute the instruction, thinking this is what you asked for.

This is a CSRF. The browser and Supercell got tricked into doing something they shouldn't have done. There are multiple ways to protect yourself and your website against a CSRF attack, but that's a conversation for when you're 10. For now, stay away from spammy links. :D
