Synchronizer-Token-Patterns
Synchronizer Token Patterns. The Encrypted Token Pattern is a defense mechanism against Cross Site Request Forgery (CSRF) attacks, and is an alternative to its sister-patterns; Synchroniser Token, and Double Submit Cookie. Each of these patterns has the same objective: To ensure that any given HTTP request originated from a trustworthy source To uniquely identify the user that issued the HTTP request In the first instance, the need to ensure that requests originate from a trustworthy source is an obvious requirement. Essentially, we need to guarantee that any given request has originated not only from the user’s web-browser, but also from a non-malicious link, or connection. Once you have verified that the request appears to be the same origin request so far, we recommend a second check as an additional precaution to really make sure. This second check can involve custom defense mechanisms using CSRF specific tokens created and verified by your applicati