Protecting clients from open redirect security vulnerabilities in web applications
Abstract
Described embodiments protect clients from open redirect security vulnerabilities in Web applications. A primary application receives a request for an operation to be performed on behalf of a secondary application. The request includes a return location parameter containing i) a return location, and ii) an encrypted portion. After completing the requested operation, the primary application retrieves the return location parameter and a cryptographic key uniquely associated with the secondary application. The primary application decrypts the encrypted portion of the return location parameter to generate a decrypted value, and uses the decrypted value to validate the return location contained in the return location parameter. The primary application transmits a redirect message to the client that causes the client to be redirected to the return location contained in the return location parameter only in response to the return location being successfully validated based on the decrypted value.
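The validation flow in the abstract, as an added Go example that is not taken from the patent. It assumes the encrypted portion is the return location itself, sealed with AES-256-GCM under the secondary application's key; `appKeys`, `SealReturn`, `ValidateReturn`, the application name and the URLs are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// Constructed AES-256 key for one secondary application (assumption: real keys live in a secret store).
var appKeys = map[string][]byte{"reports-app": []byte("0123456789abcdef0123456789abcdef")}

func newAEAD(appID string) (cipher.AEAD, error) {
	block, err := aes.NewCipher(appKeys[appID]) // unknown appID gives a nil key, which is rejected here
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealReturn (secondary application) encrypts the return location; the output is nonce||ciphertext.
func SealReturn(appID, returnURL string) (string, error) {
	aead, err := newAEAD(appID)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(aead.Seal(nonce, nonce, []byte(returnURL), nil)), nil
}

// ValidateReturn (primary application) decrypts and compares; redirect only when it returns true.
func ValidateReturn(appID, returnURL, sealed string) bool {
	aead, err := newAEAD(appID)
	raw, decErr := base64.RawURLEncoding.DecodeString(sealed)
	if err != nil || decErr != nil || len(raw) < aead.NonceSize() {
		return false
	}
	plain, err := aead.Open(nil, raw[:aead.NonceSize()], raw[aead.NonceSize():], nil)
	return err == nil && string(plain) == returnURL
}

func main() {
	sealed, err := SealReturn("reports-app", "https://reports.example/done")
	fmt.Println(err, ValidateReturn("reports-app", "https://attacker.example/", sealed))
}
```

A return location swapped by a third party fails the comparison, and a value sealed under a different application's key fails decryption, so in both cases no redirect is issued.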