
Anthony Ferrara:
Preventing CSRF Attacks
February 20, 2013 @ 09:36:41

Anthony Ferrara has written up a new post on his site looking at the effective use of CSRF tokens and a few different strategies for generating them.

There's been a bit of noise in the past week about the proper way to prevent Cross-Site Request Forgery (CSRF) attacks. It seemed to have started with this post. There's been discussion in the comments and on Twitter about it, and there seem to be several opposing viewpoints on the matter. I want to start off by saying that I agree completely with the post in question. But I figured I'd write a post to explain WHY I agree with it.

He starts with an overview of a few of the common types of request forgery, including JavaScript injection, a Man-in-the-Middle attack and a replay attack. He then breaks the "lines of defense" part of the post into three sections: adding a hidden token field to forms, changing the token on each request, and using cryptographically random values when regenerating them.
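As an added illustration of those three defenses (this is not code from Ferrara's post or from PHPDeveloper.org), here is a minimal PHP 7+ sketch: tokens come from the CSPRNG, are rendered as a hidden field, are compared in constant time, and are consumed on first use so a captured request cannot be replayed. The `$session` array and the submitted value are stand-ins for `$_SESSION` and `$_POST['csrf_token']`.

```php
<?php
declare(strict_types=1);

// Added example, not Ferrara's code: one-time CSRF tokens kept in the session,
// rendered as a hidden form field and rotated on every use.
const CSRF_KEY = 'csrf_tokens';
const CSRF_MAX = 8; // keep a few live tokens so several open tabs keep working

// Issue a fresh token: 32 random bytes from the CSPRNG, hex-encoded for the form.
function csrf_issue(array &$session): string
{
    $token = bin2hex(random_bytes(32));
    $session[CSRF_KEY][] = $token;
    // Bound the list so repeatedly loading forms cannot bloat the session.
    if (count($session[CSRF_KEY]) > CSRF_MAX) {
        array_shift($session[CSRF_KEY]);
    }
    return $token;
}

// Hidden field for the form; escaping is defensive, hex never actually needs it.
function csrf_field(array &$session): string
{
    $token = htmlspecialchars(csrf_issue($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $token . '">';
}

// Validate and consume: constant-time compare via hash_equals, then drop the
// matched token so the same request body is rejected if it is sent again.
function csrf_check(array &$session, ?string $submitted): bool
{
    if ($submitted === null) {
        return false;
    }
    foreach ($session[CSRF_KEY] ?? [] as $i => $stored) {
        if (hash_equals($stored, $submitted)) {
            unset($session[CSRF_KEY][$i]);
            return true;
        }
    }
    return false;
}

// Simulated request cycle (constructed; stands in for $_SESSION and $_POST).
$session = [];
$form = csrf_field($session);                       // GET: render the form
preg_match('/value="([0-9a-f]{64})"/', $form, $m);  // browser echoes the field back
printf("first submit: %s\n", csrf_check($session, $m[1]) ? 'accepted' : 'rejected');
printf("replayed:     %s\n", csrf_check($session, $m[1]) ? 'accepted' : 'rejected');
printf("guessed:      %s\n", csrf_check($session, 'abc') ? 'accepted' : 'rejected');
```

The consume-on-use step is what makes the second, replayed submission fail; a fixed per-session token would accept it.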


All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework