csrf
Is this enough for CSRF protection?
Is this enough for CSRF protection: A random string is generated, $_SESSION['hash'] stores it. A hidden value (in $_POST['thing']) in a form contains the random string [Details]
2023-02-07 06:00 Category: Q&A
Django 1.2.4 CSRF verification failed
Django 1.2 is consistently giving me this CSRF verification error when I perform a POST form. I "think" I've done all the things asked in the Django 1.2 docs, namely, [Details]
2023-02-06 19:57 Category: Q&A
How to prevent automated AJAX attacks
How to prevent USER from doing automated posts/spam? Here is my way of doing it, new PHP session for each page request, which has its own limitations, no multitabbing. [Details]
2023-02-06 07:29 Category: Q&A
php csrf protection library
Are there any libraries to protect against CSRF (PHP 5.1/5.2) or do I need to create one myself? I use this snippet from Chris, but without a library I am getting a lot of duplication on e [Details]
2023-02-06 06:57 Category: Q&A
Is it important to change session on each page request?
It causes conflicts when the user opens another page in another window/tab. So how to prevent these conflicts? One way is to set the session the same for each page... every time the user logs out/logs in t [Details]
2023-02-06 06:56 Category: Q&A
A fundamental question about CSRF attacks
I am migrating from programming to 'web programming', so this may sound too basic. My question is about an HTTP request that is responded to by "victim site" with some "non-public/sensitive" inform [Details]
2023-02-06 03:55 Category: Q&A
How do I secure this post request to Rails?
I'm trying to work out security for my AJAX calls. I've got a jQuery post call which deletes a note. From what I've read, it seems that I need to use protect_from_forgery to ensure that the post is [Details]
2023-02-06 03:18 Category: Q&A
CSRF token for ajax
I have a problem with forms submitted with AJAX. I do my forms with Zend Framework. Some are real forms so I add a Hash element. Others are for small operations (like upvote and downvote here) so I do [Details]
2023-02-05 23:51 Category: Q&A
When is the use of an AntiForgeryToken not required/needed?
UPD: Same question asked on security.stackexchange.com and the answer I got is different. Please follow there, to get the correct answer! [Details]
2023-02-05 18:14 Category: Q&A
CSRF defense approach
I'm trying to protect my .NET web site against CSRF attacks using a hidden key in every form and a special temp cookie, so when the user POSTs the form I can compare the temp cookie key and the hidde [Details]
2023-02-05 15:27 Category: Q&A