I would like to use JSON, however, the security issues related to using JSON are holding me back.
There are two main issues CSRF (Cross Site Request Forgery) and the JSON/Array hack.
I have read that Double Submit the Cookie expanding from Secret Hidden Fields are possible solutions to the CSRF problem.
I wonder if there are any codeigniter add-ons to simplify the process of securing a project this way?
Any advice would be appreciated.
To help secure your application against CSRF there is a library http://blog.kylehasegawa.com/codeigniter-csrf-xsrf-library that can help. However, once CI 2 is released you need not worry - it will include CSRF/XSRF protection.
What do you mean by "use JSON"?
JSON in itself is not dangerous, it is just a way to serialize JavaScript objects. However, when deserializing, I advise you not to use JavaScript's eval() function (that allows for executing arbitrary JS code if used carelessly), but to use a dedicated JSON deserializer such as http://www.json.org/js.html. Newer browsers even come with built-in JSON deserializers.
For browser security issues in general, I recommend reading http://code.google.com/p/browsersec/.
It needs no add-ons, just generate a unique string in the hidden form field and also save it in the session, then compare the $_POST submitted form value with the session value. Break the code if they don't match, otherwise continue the script... That's a simple process.
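The token check described in this answer, written out as an added example in plain PHP (this is not CodeIgniter's own CSRF code and not part of the original answer; the function and field names are assumptions, and it assumes PHP 7 or later with sessions enabled):

```php
<?php
// Added example: synchronizer-token CSRF protection in plain PHP.
// Names below (csrf_token, csrf_field, csrf_is_valid) are assumptions, not a library API.

function csrf_token(): string
{
    // One unpredictable token per session, created on first use and stored server-side.
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_field(): string
{
    // Hidden field carrying the token; escaped so it cannot break out of the attribute.
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

function csrf_is_valid(array $post): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    // Reject a missing token on either side; compare in constant time.
    return $expected !== '' && is_string($given) && hash_equals($expected, $given);
}

session_start();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_is_valid($_POST)) {
        // A cross-site form post cannot know the session's token, so it stops here.
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    // ... handle the trusted form submission here ...
    echo 'OK';
} else {
    echo '<form method="post">' . csrf_field()
        . '<button type="submit">Send</button></form>';
}
```

For JSON requests sent via XMLHttpRequest, pass the same token in the request body or a custom header and check it with the same function; rotating the token after login prevents a pre-login token from being reused.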