Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

NetTuts.com:
Protect a CodeIgniter Application Against CSRF
Apr 22, 2011 @ 13:52:48

In a recent post to NetTuts.com, they show you how to protect your CodeIgniter application from cross-site request forgery (CSRF) attacks by using tokens in your forms and pages to make things more "one time" and unique to the site.

In today’s tutorial, we will learn how to painlessly protect your CodeIgniter (pre 2.0) application against Cross-Site Request Forgery attacks. The library we’ll be creating today will automate all of the protection mechanisms, making your site stronger and more secure.

They've broken it up into a few different sections to dole it out in easy to follow chunks:

  • Understanding the Attack Vector
  • Planning
  • Token Generation
  • Token Validation
  • Inject Tokens into the Views
  • Hooks

You can also download the full source of the library.

tagged: csrf codeigniter tutorial token library

Link: