net.sf.mmm.service.api

Interface CsrfToken

All Superinterfaces:

Datatype, Security, Serializable

All Known Implementing Classes:

DefaultCsrfToken

public interface CsrfToken
extends Datatype, Security

This is the interface for a security token to prevent cross site request forgery (CSRF) and potentially other attacks. Such token is to be generated on the server send to the client. The client will store it and then send the token within the next request(s). The server will validate that the token equals to the one that has been generated by the server. Typically the token is generated during the login process and is then send with every subsequent request. This is sufficient to prevent XSRF attacks and has no other impact on the client application. However, for highest security it is also possible to generate one-time tokens with every request that are only valid for the next request. The latter approach may cause problems with navigation history (back- and forward-button, etc.).

Since:

1.0.0

Author:

Joerg Hohwiller (hohwille at users.sourceforge.net)

Method Summary

Methods inherited from interface net.sf.mmm.util.lang.api.Datatype

toString