| 摘要 |
<p>Efficient cross-site attack prevention, in which web pages are stored on a site, the web pages being organized into entry pages that do not accept input, and protected pages that are not entry pages. A request is received from a user application to receive a requested web page, the request including a referrer string indicative of a referring web page, and identification data. It is determined whether the requested web page is an entry page or a protected page, and it is further determined, if the requested web page is determined to be a protected page, if the user application is authorized based upon the identification data, and if the referring web page is stored on the site based upon the referrer string. The requested web page is transmitted to the user application if the user application is determined to be authorized and if the referring web page is determined to be stored on the site, and the request is redirected to an entry page if the user application is determined to be not authorized or if the referring web page is determined to be not stored on the site.</p> |
