Monday, 29 December 2014

Preventing CSRF attacks against websocket communications



I have read the thread about CSRF attacks in websockets (Do websocket-powered web apps (e.g. "comet" apps) have to worry about CSRF?) and also some more material regarding websocket security, but none of them seem to address the following issue:


Is it possible for an attacker to cause (by luring the victim to press a link) a legitimate user to open a websocket towards the legitimate service and/or cause the victim to send messages crafted by an attacker within the victim's existing websocket? (similar to a standard CSRF attack in the context of HTTP).


If possible, what can be done to prevent it? Is sending a token in the websocket URL during the websocket opening enough, or does the token need to be sent within each and every one of the requests sent within the websocket?


We are intending to use websockets to implement a chat in the unauthenticated area of our site, and we want to make sure we are doing everything possible to prevent malicious users from executing attacks similar to the one described above. Any special recommendations regarding the most secure way to implement this?


Thanks!
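The handshake check the question is asking about, as an added example that is not part of the original post or of any particular WebSocket library. It models the server side of the RFC 6455 opening handshake for the unauthenticated chat described above, and rejects a connection opened from a cross-site page in two independent ways: the `Origin` header, which browsers set on every WebSocket handshake and page script cannot alter, must match the chat's own origin, and the URL must carry a handshake token bound to the anonymous session cookie with a server-side HMAC, which the attacker's page can neither compute (no secret) nor read (same-origin policy). The origin `https://chat.example.com`, the cookie name `sid`, the server secret and the sample handshakes are all assumptions constructed for the example.

```python
import base64
import hashlib
import hmac
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

# RFC 6455 section 4.2.2: GUID appended to Sec-WebSocket-Key to derive
# Sec-WebSocket-Accept.
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"

# Assumed deployment: the chat page is only ever served from this origin.
ALLOWED_ORIGINS = {"https://chat.example.com"}

# Assumed server-side secret (example value; load it from config in practice).
SERVER_SECRET = b"example-only-secret-do-not-ship"


def issue_ws_token(session_id: str, secret: bytes = SERVER_SECRET) -> str:
    """Token the chat page embeds in its WebSocket URL.

    HMAC over the anonymous session id: bound to the cookie the browser will
    send on the handshake, unforgeable without the server secret, and not
    readable by a cross-site page because the value lives inside the
    legitimate page only.
    """
    return hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()


def parse_handshake(raw: bytes):
    """Split a raw HTTP/1.1 upgrade request into (method, target, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def accept_value(sec_websocket_key: str) -> str:
    """Sec-WebSocket-Accept value for a given Sec-WebSocket-Key (RFC 6455 4.2.2)."""
    digest = hashlib.sha1((sec_websocket_key + WS_GUID).encode()).digest()
    return base64.b64encode(digest).decode()


def check_handshake(raw: bytes, secret: bytes = SERVER_SECRET):
    """Return (True, Sec-WebSocket-Accept value) or (False, rejection reason)."""
    method, target, headers = parse_handshake(raw)
    if method != "GET" or headers.get("upgrade", "").lower() != "websocket":
        return False, "not a WebSocket upgrade request"

    # 1. Origin: set by the browser, not by page script, so a socket opened
    #    from an attacker's page is caught here. A non-browser client can
    #    forge Origin, but then it is not riding on a victim's cookies.
    origin = headers.get("origin")
    if origin not in ALLOWED_ORIGINS:
        return False, f"origin not allowed: {origin!r}"

    # 2. Session cookie: the browser attaches it for any page that opens a
    #    socket to this host, so on its own it says nothing about which page did.
    cookies = SimpleCookie(headers.get("cookie", ""))
    if "sid" not in cookies:
        return False, "no session cookie"
    session_id = cookies["sid"].value

    # 3. Handshake token from the URL: only the legitimate page knows it.
    token = parse_qs(urlsplit(target).query).get("token", [""])[0]
    expected = issue_ws_token(session_id, secret)
    if not hmac.compare_digest(token, expected):
        return False, "missing or invalid handshake token"

    key = headers.get("sec-websocket-key")
    if not key:
        return False, "missing Sec-WebSocket-Key"
    return True, accept_value(key)


def make_handshake(origin: str, token: str) -> bytes:
    """Constructed upgrade request, shaped like what a browser sends."""
    target = "/chat" + (f"?token={token}" if token else "")
    return (
        f"GET {target} HTTP/1.1\r\n"
        "Host: chat.example.com\r\n"
        "Upgrade: websocket\r\n"
        "Connection: Upgrade\r\n"
        "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"  # RFC 6455 sample key
        "Sec-WebSocket-Version: 13\r\n"
        f"Origin: {origin}\r\n"
        "Cookie: sid=anon-4711\r\n\r\n"
    ).encode()


LEGIT_TOKEN = issue_ws_token("anon-4711")
LEGIT = make_handshake("https://chat.example.com", LEGIT_TOKEN)
# Cross-site page: the browser still sends the sid cookie, but Origin differs.
CROSS_SITE = make_handshake("https://evil.example", "")
# Cross-site page guessing a token: Origin still gives it away.
CROSS_SITE_GUESS = make_handshake("https://evil.example", "0" * 64)
# Right origin, wrong token (e.g. stale page): rejected by the token check.
SAME_ORIGIN_BAD_TOKEN = make_handshake("https://chat.example.com", "0" * 64)

if __name__ == "__main__":
    for name, req in [("legit", LEGIT), ("cross-site", CROSS_SITE),
                      ("cross-site guess", CROSS_SITE_GUESS),
                      ("same-origin bad token", SAME_ORIGIN_BAD_TOKEN)]:
        print(f"{name:>22}: {check_handshake(req)}")
```

The design choice worth noting: the token is checked once, at the handshake, and nothing is added to individual messages. Once the upgrade is accepted, the socket object is owned by the page that opened it; a page on another origin has no handle to it and cannot push frames into it, so the cross-site risk is entirely in who gets to open a socket with the victim's cookies. Per-message tokens would only be needed if the application rebinds an already-open socket to a different identity later.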




