csrf

  • Is this enough for CSRF protection?

    Is this enough for CSRF protection: A random string is generated, $_SESSION['hash'] stores it A hidden value (in $_POST['thing']) in a form contains the random string[Details]

    2023-02-07 06:00 Category: Q&A
  • Django 1.2.4 CSRF verification failed

    Django 1.2 is consistently giving me this CSRF verification error when I perform a POST form. I "think" I've done all the things asked in the Django 1.2 docs, namely,[Details]

    2023-02-06 19:57 Category: Q&A
  • How to prevent automated AJAX attacks

    How to prevent USER from doing automated posts/spam? Here is my way of doing it, new php session for each page request, which has its own limitations, no multitabbing.[Details]

    2023-02-06 07:29 Category: Q&A
  • php csrf protection library

    Are there any libraries to protect against CSRF (PHP5.1/5.2) or do I need to create one myself? I use this snippet from Chris, but without a library I am getting a lot of duplication on e[Details]

    2023-02-06 06:57 Category: Q&A
  • Is it important to change session on each page request?

    It causes conflicts when the user opens another page in another window/tab. So how to prevent these conflicts? One way is to set session same for each page the same..every time the user logout/logins t[Details]

    2023-02-06 06:56 Category: Q&A
  • A fundamental question about CSRF attacks

    I am migrating from programming to 'web programming', so this may sound too basic. My question is about an HTTP request that is responded by "victim site" with some "non-public/sensitive" inform[Details]

    2023-02-06 03:55 Category: Q&A
  • How do I secure this post request to Rails?

    I'm trying to work out security for my AJAX calls. I've got a jQuery post call which deletes a note. From what I've read, it seems that I need to use protect_from_forgery to ensure that the post is[Details]

    2023-02-06 03:18 Category: Q&A
  • CSRF token for ajax

    I have a problem with forms submitted with ajax. I do my forms with Zend Framework. Some are real forms so I add a Hash element. Others are for small operations (like upvote and downvote here) so I do[Details]

    2023-02-05 23:51 Category: Q&A
  • When the use of an AntiForgeryToken is not required/needed?

    UPD: Same question asked on security.stackexchange.com and the answer I got is different. Please follow there, to get the correct answer![Details]

    2023-02-05 18:14 Category: Q&A
  • CSRF defense approach

    I'm trying to protect my .NET web site against CSRF attacks using a hidden key in every form and a special temp cookie, so when the user POSTs the form I can compare the temp cookie key and the hidde[Details]

    2023-02-05 15:27 Category: Q&A