on 01-18-2018 8:16 AM
I am using sap.m.UploadCollection to upload a file from the SAPUI5 toolkit and store it in binary format in the SAP HANA DB (blob) through XSJS. I am curious to know why we normally attach a CSRF token in the request header of a file upload web service.
Hi Goutham R,
CSRF stands for Cross-Site Request Forgery. According to Wikipedia, it is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. To prevent CSRF attacks, we need to send a CSRF token, along with the user's data, while sending it from the front end. In layman's terms, a CSRF token is something that is used to assure your backend that the correct user is making the transaction from the front end. View the following links for an in-depth explanation of the CSRF mechanism.
Hope this helps,
Regards,
Arjun Biswas
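The token check described in the answer above, as an added example that is not part of the original thread and is not SAP or XSJS code. It is a constructed in-memory model in Node.js; the `x-csrf-token` header name, the `Fetch` value, the request shape and the session ids are assumptions made for illustration.

```javascript
// Added example: constructed model of a header-based CSRF check (not XSJS code).
const crypto = require("crypto");

const csrfTokens = new Map(); // sessionId -> token issued to that session

// Compare in constant time so the check does not reveal how much of a guess matched.
function tokensMatch(expected, supplied) {
  if (typeof expected !== "string" || typeof supplied !== "string") return false;
  const a = Buffer.from(expected);
  const b = Buffer.from(supplied);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// req is a hypothetical shape: { method, sessionId, headers } with lower-case header names.
// sessionId stands for the session the browser's cookie identifies.
function handle(req) {
  const supplied = req.headers["x-csrf-token"];
  if (["GET", "HEAD", "OPTIONS"].includes(req.method)) {
    if (supplied === "Fetch") { // assumed token-fetch convention
      const token = crypto.randomBytes(32).toString("hex");
      csrfTokens.set(req.sessionId, token);
      return { status: 200, headers: { "x-csrf-token": token } };
    }
    return { status: 200, headers: {} };
  }
  // State-changing request such as the upload POST. The browser attaches the
  // session cookie automatically, even when another site triggers the request,
  // so the server also requires the token that only the application's own
  // front end could read and copy into a header.
  if (!tokensMatch(csrfTokens.get(req.sessionId), supplied)) {
    return { status: 403, headers: {} };
  }
  return { status: 201, headers: {} };
}

// Constructed walk-through: fetch a token, then try the upload three ways.
function demo() {
  const fetched = handle({ method: "GET", sessionId: "s1", headers: { "x-csrf-token": "Fetch" } });
  const token = fetched.headers["x-csrf-token"];
  const post = (sessionId, headers) => handle({ method: "POST", sessionId, headers }).status;
  return {
    withoutToken: post("s1", {}),                        // forged cross-site request
    withToken: post("s1", { "x-csrf-token": token }),    // application's own front end
    otherSession: post("s2", { "x-csrf-token": token }), // token is bound to its session
  };
}

console.log(demo());
```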
Hi Arjun Biswas,
Thanks for your response. I know about the CSRF attack and its prevention by using a CSRF token generated by the server. But why do we need to attach a CSRF token only in the case of file upload, and not in other cases like form submission? Hope you got my question.
Regards,
Goutham R
In the case of file upload, you work with lots of data (more than is normally used in form submission). So, to prevent attacks in such a huge amount of data, we use the CSRF token. In some frameworks (e.g. Laravel), it is mandatory to specify the CSRF token while sending form data too.
Regards,
Arjun Biswas