  #1  
May 14th, 2007, 10:30 AM
Code Walkers
Stopping CSRF Attacks in Your PHP Applications

We build web applications to do useful things for us, but unfortunately there are those that attempt to cause our creations to do something we never intended them to do.


Read the full article here: Stopping CSRF Attacks in Your PHP Applications

For more discussion go here: Blog Article Discussion


  #2  
August 22nd, 2007, 02:59 PM
markbett
Quote:
Originally Posted by Code Walkers
We build web applications to do useful things for us, but unfortunately there are those that attempt to cause our creations to do something we never intended them to do.


Read the full article here:

For more discussion go here:


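The article gives a fix example of
Quote:
PHP Code:
<?php
// Reject the request when the session token and the submitted token differ
if ($_SESSION['token'] != $_GET['sitetoken']) {
   echo "Not a valid request!"; exit;
}

// Reached whenever the check above did not exit
update_email();
echo "Your email address has been updated.";

?>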



Why would you want the default case to be to approve the change? Shouldn't you be evaluating the request to see if it matches, if it does then you approve, in every other circumstance you deny? While here the difference may be minor, overall it will help ensure you didn't make a mistake somewhere else and provide an opportunity for the code to reach that point unexpectedly.

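The approve-only-on-match structure asked about in post #2, as an added example that is not part of the thread or the article. It assumes PHP 7.1+; `csrf_token_matches()` and `handle_request()` are hypothetical names, the `update_email()` body is a stand-in for the article's function, and `hash_equals()` is swapped in for the article's `!=` comparison.

```php
<?php
// Added example: fail-closed CSRF token check. Assumes PHP 7.1+.
// handle_request() and this update_email() body are hypothetical stand-ins.

// True only when both tokens are non-empty strings and equal; anything else is denied.
function csrf_token_matches(array $session, array $request): bool
{
    $expected = $session['token'] ?? null;
    $supplied = $request['sitetoken'] ?? null;
    if (!is_string($expected) || $expected === '') {
        return false; // no token was issued for this session
    }
    if (!is_string($supplied) || $supplied === '') {
        return false; // token absent, or sent as an array (sitetoken[]=...)
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

function update_email(array &$account, string $email): void
{
    $account['email'] = $email;
}

// The state change happens only inside the approved branch; all other paths deny.
function handle_request(array $session, array $request, array &$account): string
{
    $email = $request['email'] ?? null;
    if (csrf_token_matches($session, $request) && is_string($email)) {
        update_email($account, $email);
        return 'Your email address has been updated.';
    }
    return 'Not a valid request!';
}

// Constructed sample data.
$session = ['token' => bin2hex(random_bytes(16))];
$cases = [
    'valid token'      => [$session, ['sitetoken' => $session['token'], 'email' => 'new@example.com']],
    'wrong token'      => [$session, ['sitetoken' => 'guess', 'email' => 'new@example.com']],
    'missing token'    => [$session, ['email' => 'new@example.com']],
    'array token'      => [$session, ['sitetoken' => ['x'], 'email' => 'new@example.com']],
    // Neither side has a token: a bare `!=` test sees null != null as false and would approve.
    'no session token' => [[], ['email' => 'new@example.com']],
];
foreach ($cases as $name => [$sess, $req]) {
    $account = ['email' => 'old@example.com'];
    printf("%-17s %s (email=%s)\n", $name, handle_request($sess, $req, $account), $account['email']);
}
```

Only the first case changes the stored address; the last case is the one a deny-on-mismatch check lets through when a session never had a token set.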
© 2003-2008 by Developer Shed. All rights reserved.