PHPDeveloper: PHP News, Views and Community

Subscribe

@phpdeveloper.org

News Archive

Community News: Latest PECL Releases (11.05.2024)

Community News: Latest PECL Releases (10.29.2024)

Community News: Latest PECL Releases (10.22.2024)

Community News: Latest PECL Releases (10.15.2024)

Community News: Latest PECL Releases (10.08.2024)

Community News: Latest PECL Releases (10.01.2024)

Community News: Latest PECL Releases (09.24.2024)

Community News: Latest PECL Releases (09.17.2024)

Community News: Latest PECL Releases (09.10.2024)

Community News: Latest PECL Releases (09.03.2024)

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

NetTuts.com:
Protect a CodeIgniter Application Against CSRF

byChris Cornutt Apr 22, 2011 @ 17:52:48

In a recent post to NetTuts.com, they show you how to protect your CodeIgniter application from cross-site request forgery (CSRF) attacks by using tokens in your forms and pages to make things more "one time" and unique to the site.

In today’s tutorial, we will learn how to painlessly protect your CodeIgniter (pre 2.0) application against Cross-Site Request Forgery attacks. The library we’ll be creating today will automate all of the protection mechanisms, making your site stronger and more secure.

They've broken it up into a few different sections to dole it out in easy to follow chunks:

Understanding the Attack Vector
Planning
Token Generation
Token Validation
Inject Tokens into the Views
Hooks

You can also download the full source of the library.