I开发者_开发问答 set a cookie in the headers with an md5 hashed keyword. Then in my code, it checks for the exact matching cookie before displaying a form. Is this pretty much pointless? The form submits to an external site, so I am trying to secure the form without using captcha..
CSRF is only a problem if the request is valuable to the attacker. For instance, if can an attacker can get a logged in administrator to change their password using CSRF, then you have a serious problem. No one cares about lyrics, or search requests or page navigation. No one will ever exploit that, so it doesn't matter where the request comes from.
If you send the cookie at the same time as you print the form it will always return true, unless they have cookies turned off.
What the cookie check is used for is cross site request forgery prevention. In other words, stop people from submitting forms from external sites :)
So what you have described there, doesn't do anything
精彩评论