News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Henrik Bjørnskov's Blog:
Symfony2 Add Cross Site Request Forgery protection to login forms
December 30, 2011 @ 10:28:42

In a new post to his blog Henrik Bjørnskov has a tip on preventing cross-site request forgeries in your Symfony2 forms with the help of a simple Symfony2 configuration setting.

When talking with @jmikola on #Symfony-dev this afternoon we got into the subject of cross site request forgery and symfony2 login forms. And it seems that form-login already supports this but neither of us knew how it worked. So here is another quick tip. This time about securing you login form from cross site attacks.

The key is to define a "csrf_provider" in your security.yml config file and point it to the "form.csrf_provider" provider. He also includes the controller and view code/templating you'll need to get the token included in the form (and validated).

0 comments voice your opinion now!
symfony2 framework security crosssite request forgery csrf form


blog comments powered by Disqus

Similar Posts

Frank Wu's Blog: Choosing a PHP Framework Round 2: Yii vs Kohana vs CodeIgniter

SpinDrop.us: Not taking frameworks for granted

The Bakery: Eight New Articles, Helpers & Components

Enterprise PHP Magazine: Why Groupe Girard choosed PHP to J2EE to develop their ERP

Secubos.com: Cross-Site Scripting Vulnerability in phpFaber


Community Events

Don't see your event here?
Let us know!


voicesoftheelephpant development conference middleware api language unittest opinion laravel extension interview framework laravel5 library release series introduction community wordpress podcast

All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework