CSRF tokens prevent cross-site request forgery. In this video, learn how that attack works and how to prevent it in Django.
- CSRF attacks, also known as cross-site request forgery attacks, allow an attacker to automatically execute code in a web browser on behalf of a user. The danger of a CSRF attack is that it can be invisible to the user. For example, an attacker could attempt to transfer money on a bank website on behalf of the user. Another type of attack could attempt to change a user's email address or password to something that the attacker knows. Here we have our journal view, which will list a bunch of journal entries for the user, and this is the zero knowledge journal view. And we want to make sure that whenever any request is sent to this view, it is protected with a CSRF token. So, we're going to use CSRF protect, and Django has another decorator called CSRF exempt, in case you do want a view that is exempt from CSRF tokens. In this case, we want the CSRF token to be there for any POST request. And then we can go to the journal template, where we can see there's a form for adding …
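To make the mechanism behind the decorators visible, here is an added stand-alone sketch (not code from the course or from Django itself) of the check that `@csrf_protect`, `@csrf_exempt` and `{% csrf_token %}` perform: a per-session token only same-origin pages can read, compared in constant time on every state-changing request. The `Request` class, `dispatch`, `journal_view` and `webhook_view` are constructed stand-ins for illustration.

```python
import hmac
import secrets

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}  # read-only verbs are never checked
FIELD = "csrfmiddlewaretoken"  # hidden input that {% csrf_token %} renders into a form

class Request:  # constructed stand-in for Django's HttpRequest, not the real class
    def __init__(self, method, session, post=None):
        self.method, self.session, self.POST = method, session, post or {}

def get_token(request):
    """Per-session secret; only same-origin templates can read it into a form."""
    return request.session.setdefault("csrf_token", secrets.token_urlsafe(32))

def csrf_check(request):
    """Return None when the request is acceptable, otherwise a 403 response tuple."""
    if request.method in SAFE_METHODS:
        return None
    expected = request.session.get("csrf_token", "")
    submitted = request.POST.get(FIELD, "")
    # constant-time compare on bytes; a form auto-submitted from another site cannot know 'expected'
    if not expected or not hmac.compare_digest(expected.encode(), submitted.encode()):
        return (403, "CSRF verification failed")

def csrf_protect(view):
    """Decorator: enforce the check on this view even when no middleware runs."""
    def wrapper(request, *args, **kwargs):
        return csrf_check(request) or view(request, *args, **kwargs)
    return wrapper

def csrf_exempt(view):
    """Decorator: mark a view so the middleware-style dispatcher skips the check."""
    view.csrf_exempt = True
    return view

def dispatch(view, request):
    """Stand-in for CsrfViewMiddleware: check every view not marked exempt."""
    denied = None if getattr(view, "csrf_exempt", False) else csrf_check(request)
    return denied or view(request)

@csrf_protect
def journal_view(request):  # the video's journal view: GET lists entries, POST adds one
    entries = request.session.setdefault("entries", [])
    if request.method == "POST":
        entries.append(request.POST.get("entry", ""))
    return (200, list(entries))

@csrf_exempt
def webhook_view(request):  # a view deliberately left unprotected, as csrf_exempt allows
    return (200, "webhook accepted")
```

A legitimate form POST carries the session's token and succeeds; a request forged from another origin arrives without it (or with a guess) and is refused before the view runs.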