
Kevin Schroeder:
Generating secure cross site request forgery tokens (csrf)
February 11, 2013 @ 11:23:10

In this new post to his site, Kevin Schroeder shares his take on generating more secure CSRF tokens for use in your site.

In researching the second edition for the IBM i Programmer's Guide to PHP Jeff and I decided to include a chapter on security since we really didn't talk much about it in the first edition. I'm talking about cross site request forgeries right now and I wanted to make sure that what I was going to suggest would not break the internet in some way. I did some Google searching to see what other people were recommending.

Most of the examples he saw used md5, uniqid and rand to create a randomized hash. He suggests an alternative: using the hash_hmac and openssl_random_pseudo_bytes functions to generate a SHA-256 hash for use in your page's submissions.
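A sketch of the two approaches contrasted above, added here as an example and not taken from Kevin Schroeder's post. The function names, the 32-byte lengths, the `csrf_token` session key, keying the HMAC with a second random value, and the `hash_equals` check are assumptions of this sketch.

```php
<?php
// Added illustration; not code from Kevin Schroeder's post. Requires PHP 7+.

// The pattern the summary warns about: every input comes from the clock or a
// non-cryptographic PRNG, so the token looks random but can be predicted.
function weak_csrf_token(): string
{
    return md5(uniqid((string) rand(), true));
}

// HMAC-SHA256 over CSPRNG bytes. Keying the HMAC with a second random value
// is an assumption of this sketch, not a detail stated on the page.
function generate_csrf_token(): string
{
    $dataStrong = $keyStrong = false;
    $data = openssl_random_pseudo_bytes(32, $dataStrong);
    $key  = openssl_random_pseudo_bytes(32, $keyStrong);
    if ($data === false || $key === false || !$dataStrong || !$keyStrong) {
        throw new RuntimeException('No cryptographically strong randomness available');
    }
    return hash_hmac('sha256', $data, $key); // 64 lowercase hex characters
}

// Store one token per session; $session stands in for $_SESSION.
function issue_csrf_token(array &$session): string
{
    return $session['csrf_token'] = generate_csrf_token();
}

// Reject missing or non-string input, then compare in constant time.
function verify_csrf_token(array $session, $submitted): bool
{
    $expected = $session['csrf_token'] ?? '';
    return is_string($submitted)
        && $expected !== ''
        && hash_equals($expected, $submitted);
}

// Constructed demo values, runnable from the CLI without a web server.
$session = [];
$token = issue_csrf_token($session);
var_dump(strlen($token));                                    // token length
var_dump(verify_csrf_token($session, $token));               // genuine token
var_dump(verify_csrf_token($session, weak_csrf_token()));    // wrong token
var_dump(verify_csrf_token($session, null));                 // field missing
var_dump(verify_csrf_token([], $token));                     // no session token
```

In a real application, pass `$_SESSION` after `session_start()` and embed the issued token in a hidden form field.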


All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework