Channel: BenEskew.com » Programming

CSRF Attack – Follow Up


I recently posted an article about the dangerous CSRF web attack, which will eventually happen to your web software: http://www.beneskew.com/2012/06/combating-csrf-attacks/. This post is the ultimate follow-up to it.

The best protection for CSRF:

When your form is presented to the user, create a database entry with the following fields:
id, unique_form_key
The unique_form_key should be unique and not easily reproducible.
When the form is submitted, check that the unique_form_key is attached to the submission and that it is correct; only then allow the associated process to execute. It's that easy.
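
A sketch of the issue-and-check flow above, added here as an example and not code from the original post. The table name `form_keys`, the function names, the `session_id` column and the delete-on-use step are assumptions that go beyond the two fields the post lists: they tie each key to the visitor it was issued to and make it valid for one submission only.

```python
import hmac
import secrets
import sqlite3

def open_store():
    # Constructed in-memory store. The post names id and unique_form_key;
    # session_id is an assumption added for this example.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE form_keys ("
        " id INTEGER PRIMARY KEY,"
        " unique_form_key TEXT NOT NULL UNIQUE,"
        " session_id TEXT NOT NULL)"
    )
    return db

def issue_form_key(db, session_id):
    """Call when the form is rendered; put the result in a hidden field."""
    key = secrets.token_urlsafe(32)  # 32 random bytes from the OS CSPRNG
    db.execute(
        "INSERT INTO form_keys (unique_form_key, session_id) VALUES (?, ?)",
        (key, session_id),
    )
    db.commit()
    return key

def verify_form_key(db, session_id, submitted_key):
    """Return True only for a key issued to this session and not yet used."""
    if not submitted_key:
        return False  # key missing from the submission
    rows = db.execute(
        "SELECT id, unique_form_key FROM form_keys WHERE session_id = ?",
        (session_id,),
    ).fetchall()
    for row_id, stored in rows:
        # Constant-time comparison avoids leaking how much of the key matched.
        if hmac.compare_digest(stored.encode(), submitted_key.encode()):
            # Single use: the delete must remove exactly one row, so a
            # replayed or concurrently reused key fails.
            cur = db.execute("DELETE FROM form_keys WHERE id = ?", (row_id,))
            db.commit()
            return cur.rowcount == 1
    return False
```

Call `verify_form_key` before running the form's action and reject the request when it returns False.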

If you have any questions or feedback, please let me know in the comments.

