RobertP Posted January 3, 2012
Currently I am using a hidden dynamic session key on all private forms. However, I can think of ways to beat this myself, so I would like to hear about any ideas you have seen / thought of.
http://en.wikipedia.org/wiki/Cross-site_request_forgery

scootstah Posted January 3, 2012
Do you mind sharing how you think you can beat it?

RobertP (Author) Posted January 3, 2012
Fetch the page contents, parse out the hidden security key and use it in a false-post statement.

scootstah Posted January 3, 2012
That is session hijacking and is entirely different.

RobertP (Author) Posted January 3, 2012
Such a cruel world.
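
The hidden per-session form key described in the first post, as an added example (not code posted by anyone in the thread). The function names and the `csrf_token` field name are assumptions, and plain arrays stand in for `$_SESSION` so the script runs from the PHP CLI (PHP 7 or later); it checks a submitted token against the one bound to the user's session, including a token that was issued to a different session.

```php
<?php
// Added example: per-session CSRF token for a hidden form field.
// $session stands in for $_SESSION so the script runs from the CLI.

function csrf_issue(array &$session): string
{
    // One unpredictable token per session, created on first use.
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function csrf_field(array &$session): string
{
    $token = htmlspecialchars(csrf_issue($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $token . '">';
}

function csrf_check(array $session, array $post): bool
{
    $expected  = $session['csrf_token'] ?? '';
    $submitted = $post['csrf_token'] ?? '';
    if (!is_string($submitted) || $expected === '') {
        return false; // missing token, array-valued field, or no session token
    }
    // hash_equals() compares in constant time.
    return hash_equals($expected, $submitted);
}

// Constructed sample data: two independent sessions.
$userSession  = [];   // the logged-in user's session
$otherSession = [];   // a session opened by some other client

$userToken  = csrf_issue($userSession);
$otherToken = csrf_issue($otherSession);

echo csrf_field($userSession), PHP_EOL;
var_dump(csrf_check($userSession, ['csrf_token' => $userToken]));   // form rendered for this session
var_dump(csrf_check($userSession, ['csrf_token' => $otherToken]));  // token issued to a different session
var_dump(csrf_check($userSession, []));                             // field absent
var_dump(csrf_check($userSession, ['csrf_token' => ['x']]));        // array instead of string
```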