
Jani Hartikainen's Blog:
How to CSRF protect all your forms
October 16, 2008 @ 12:07:26

Jani Hartikainen has posted a few ideas on cross-site request forgeries in a new blog entry, including some methods to help prevent them in your application.

CSRF, or Cross-Site Request Forgery, is a vulnerability very common in websites. [...] This can be dangerous, especially if your admin interface is compromised: There may be a button on the other site which goes to your admin interface and deletes the latest blogpost for example - and you wouldn't want that!

His method is a three-step process for protection - use POST, protect against cross-site scripting and use a CSRF key in the form to help prevent abuse. A simple script is included to show it working and is adapted to work in a controller plugin for the Zend Framework.
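The three steps summarized above can be sketched in plain PHP as follows. This is an added example, not the script from Jani Hartikainen's post or its Zend Framework plugin; the helper names `csrf_key`, `csrf_field` and `csrf_check` and the field name `csrf_key` are hypothetical, and arrays stand in for `$_SESSION` and `$_POST` so it runs from the command line.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not code from the original post.

/** Return the session's CSRF key, creating an unguessable one on first use. */
function csrf_key(array &$session): string
{
    if (empty($session['csrf_key'])) {
        $session['csrf_key'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_key'];
}

/** Hidden field for every form; the value is escaped before it reaches HTML. */
function csrf_field(array &$session): string
{
    $key = htmlspecialchars(csrf_key($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_key" value="' . $key . '">';
}

/** Accept a state-changing request only if it is a POST carrying the session's key. */
function csrf_check(string $method, array $post, array $session): bool
{
    if ($method !== 'POST') {
        return false; // step 1: state changes go through POST only
    }
    $expected = $session['csrf_key'] ?? '';
    $given = $post['csrf_key'] ?? '';
    // Reject a missing key and array input such as csrf_key[]=x.
    if (!is_string($expected) || !is_string($given) || $expected === '') {
        return false;
    }
    return hash_equals($expected, $given); // constant-time comparison
}

// Constructed demo data standing in for $_SESSION and $_POST.
$session = [];
echo csrf_field($session), PHP_EOL;

$sameSite = ['csrf_key' => $session['csrf_key'], 'action' => 'delete'];
$forged   = ['action' => 'delete'];                // cross-site form, no key
$guessed  = ['csrf_key' => str_repeat('0', 64)];   // attacker's guess

var_dump(csrf_check('POST', $sameSite, $session));
var_dump(csrf_check('POST', $forged, $session));
var_dump(csrf_check('POST', $guessed, $session));
var_dump(csrf_check('GET', $sameSite, $session));
```

The key only helps while the page is free of cross-site scripting, since injected script running on the same origin can read the hidden field and submit it.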


All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework