Don't use links to do actions on websites

by Vijay 2009-11-06 12:26:13

Never use links to perform actions. Use them only for their intended purpose, which is to navigate to related content.

For example, you should never have "delete this" links on a page. Instead you should use form submissions for such actions.

In practice, the biggest reason to avoid action links is that they are vulnerable to Cross-Site Request Forgery (CSRF).

If a password-protected area of your site contains a "Delete" hyperlink, this will usually be a security hole. Here's how a CSRF attack works:

1. A user visits your site and logs in. Perhaps a cookie is set to enable that user to remain logged in for an extended period.
2. Later, while still logged into your site, the user is lured into visiting a malicious web site set up by the attacker.
3. The malicious web site contains an <img> or <script> tag, the src attribute of which points to the URL of one of your Delete links.
4. The user's browser dutifully (and invisibly) requests the URL in an attempt to load it as an image or script.
5. Your server, seeing a request for the Delete URL from a logged-in user, deletes the content without question.

Another problem: if your site is open, with no registration required, then even bots and spiders can follow such a link and actually delete content.

Replacing your action links with form POSTs prevents simple CSRF attacks like this.
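The five steps above, replayed against a toy server, as an added example that is not part of the original post. The `Request` class, the in-memory `SESSIONS` and `ITEMS` stores and the handler names are assumptions made to keep it self-contained; no real web framework is involved. The first handler models the "Delete" hyperlink: a cookie-bearing GET from an `<img>` tag on another site removes the item. The second handler models the form replacement, and goes one step beyond the post's point by also checking a per-session token carried in a hidden field, so that a forged POST from another origin (which can send the cookie but cannot read the token) is refused as well.

```python
"""Added example (not from the original post): a toy model of the server
side of the article's CSRF scenario.  Request, SESSIONS, ITEMS and the
handler names are assumptions chosen to keep the example self-contained."""
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Request:
    """Minimal stand-in for an HTTP request as a handler would see it."""
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


# Constructed in-memory state: session cookie -> session record, item id -> item.
SESSIONS: dict = {}
ITEMS: dict = {}


def login(user: str) -> str:
    """Step 1 of the article: log in and receive a session cookie.
    A per-session CSRF token is minted at the same time."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def session_for(req: Request):
    return SESSIONS.get(req.cookies.get("session", ""))


# --- The "Delete" hyperlink the article warns against --------------------
def delete_via_link(req: Request) -> int:
    """Vulnerable: any request to /delete/<id> from a logged-in browser
    removes the item.  The method is never checked, so an <img> whose src
    points at /delete/42 on another site (step 3) is enough."""
    sess = session_for(req)
    if sess is None or not req.path.startswith("/delete/"):
        return 403
    ITEMS.pop(req.path[len("/delete/"):], None)
    return 200


# --- The form-based replacement ------------------------------------------
def render_delete_form(sid: str, item: str) -> str:
    """Server-rendered form carrying the session's CSRF token as a hidden field."""
    token = SESSIONS[sid]["csrf"]
    return (f'<form method="POST" action="/delete">'
            f'<input type="hidden" name="id" value="{item}">'
            f'<input type="hidden" name="csrf" value="{token}">'
            f'<button>Delete</button></form>')


def delete_via_form(req: Request) -> int:
    """Hardened: POST only (an <img> or <script> tag can only issue GET),
    and the hidden token must match the one stored in the session."""
    sess = session_for(req)
    if sess is None or req.path != "/delete":
        return 403
    if req.method != "POST":
        return 405
    # Constant-time comparison so the check leaks nothing about the token.
    if not hmac.compare_digest(req.form.get("csrf", ""), sess["csrf"]):
        return 403
    item = req.form.get("id")
    if item not in ITEMS:
        return 404
    del ITEMS[item]
    return 200


def simulate() -> dict:
    """Replay the article's steps against both handlers and report the outcome."""
    results = {}
    sid = login("alice")                       # step 1: logged in, cookie set
    ITEMS.clear()
    ITEMS.update({"42": "post", "43": "post"})
    cookies = {"session": sid}
    # Steps 3-5 against the link: the browser fetches the "image" with cookies.
    results["link_status"] = delete_via_link(Request("GET", "/delete/42", cookies))
    results["item42_after_link"] = "42" in ITEMS
    # The same invisible GET against the form handler is refused by method.
    results["form_get_status"] = delete_via_form(Request("GET", "/delete", cookies))
    # A forged POST from another origin carries the cookie but not the token.
    forged = Request("POST", "/delete", cookies, {"id": "43", "csrf": "guess"})
    results["forged_post_status"] = delete_via_form(forged)
    results["item43_after_forgery"] = "43" in ITEMS
    # The genuine form, whose hidden token came from the page the server rendered.
    real = Request("POST", "/delete", cookies, {"id": "43", "csrf": SESSIONS[sid]["csrf"]})
    results["real_post_status"] = delete_via_form(real)
    results["item43_after_real"] = "43" in ITEMS
    return results


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

Running `simulate()` shows item 42 disappearing through the link handler while item 43 survives both the GET and the forged POST against the form handler, and is removed only by the form the server itself rendered.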

Google's initial release of Google Web Accelerator wreaked havoc on many sites that used action links, because it prefetched the pages those links pointed to.
Situations like this are relatively rare, but we should always take care of our customers' data.

So never use links for actions like deleting or updating. Use forms for these operations instead.
