
Michael Nitschinger's Blog:
Securing Lithium Forms
June 08, 2011 @ 12:03:23

Michael Nitschinger has a new post to his blog today showing how you can secure the forms in Lithium using the handy CSRF token implemented directly in the framework.

CSRF (Cross-Site Request Forgery) attacks work by sending arbitrary (form) requests from a victim. Normally, the receiving site (in our case the Controller that processes the form data) doesn't know where the data comes from. The CSRF protection in Lithium aims to solve this problem in an elegant and secure way. You can read more about those attacks here. Note that you'll need to clone the latest master branch of Lithium if you want to try it out now.

There are two parts to the protection, one on each side of the exchange: a hidden token field in the form output and a check in the controller that the submitted value matches the one issued. He includes code for a simple form (a title field and submit button) that lazy loads the Security helper and generates the token for you. He walks through the controller side of things a line at a time and, in the second example, includes a sample logging/forwarding bit that redirects users when the CSRF check doesn't pass.
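To make the two halves concrete, here is an added, framework-agnostic PHP sketch of the same pattern; it is not code from Michael's post or from the Lithium framework itself. The session is stood in for by a plain array so it runs from the CLI, and the session key, field name and `addAction` helper are assumed names, not Lithium's API.

```php
<?php
// Added example (not from the original post or the Lithium framework):
// the two halves of form CSRF protection, with a plain array standing in
// for $_SESSION so the script runs from the CLI. Key/field names are assumed.

declare(strict_types=1);

const CSRF_KEY   = '_csrf_token';    // session key (assumed name)
const CSRF_FIELD = 'security_token'; // hidden form field (assumed name)

/** Issue one token per session and reuse it for every form in that session. */
function csrfToken(array &$session): string
{
    if (empty($session[CSRF_KEY])) {
        $session[CSRF_KEY] = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    }
    return $session[CSRF_KEY];
}

/** Side 1: the view. Emit the hidden token field next to the visible inputs. */
function renderForm(array &$session): string
{
    $token = htmlspecialchars(csrfToken($session), ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="/posts/add">'
        . '<input type="hidden" name="' . CSRF_FIELD . '" value="' . $token . '">'
        . '<input type="text" name="title">'
        . '<button type="submit">Save</button>'
        . '</form>';
}

/** Side 2: the controller check. Constant-time compare of submitted vs. session token. */
function csrfCheck(array $session, array $post): bool
{
    $expected  = $session[CSRF_KEY] ?? '';
    $submitted = $post[CSRF_FIELD] ?? '';
    if ($expected === '' || !is_string($submitted)) {
        return false; // no token issued yet, or field missing/malformed
    }
    return hash_equals($expected, $submitted);
}

/** Controller action: save only on a valid token; otherwise log and redirect. */
function addAction(array &$session, array $post): string
{
    if (!csrfCheck($session, $post)) {
        error_log('CSRF check failed for /posts/add');
        return 'redirect:/posts'; // stands in for the framework's redirect call
    }
    return 'saved:' . ($post['title'] ?? '');
}

// Demo with constructed input: a same-site submission carries the token the
// form rendered; a request forged from another origin cannot supply it.
$session = [];
echo renderForm($session), PHP_EOL;
$legitimate = [CSRF_FIELD => $session[CSRF_KEY], 'title' => 'Hello'];
$forged     = ['title' => 'Forged post'];
echo addAction($session, $legitimate), PHP_EOL;
echo addAction($session, $forged), PHP_EOL;
```

The check uses `hash_equals` rather than `==` so the comparison does not leak the token byte by byte through timing, and the token is read from the session on the server side, never from a cookie the browser would send automatically.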



All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework