RobertP Posted January 3, 2012
Currently I am using a hidden dynamic session key on all private forms. However, I can think of ways to beat this myself, so I would like to hear about any ideas you have seen / thought of. http://en.wikipedia.org/wiki/Cross-site_request_forgery

scootstah Posted January 3, 2012
Do you mind sharing how you think you can beat it?

RobertP (Author) Posted January 3, 2012
Fetch the page contents, parse out the hidden security key and use it in a false-post statement.

scootstah Posted January 3, 2012
That is session hijacking and is entirely different.

RobertP (Author) Posted January 3, 2012
Such a cruel world.

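An added example, not posted by anyone in this thread: the hidden per-session form key the thread discusses, in PHP, with the token stored in the session and checked on POST so that a token issued under a different session does not validate. The function names are hypothetical, and plain arrays stand in for $_SESSION and $_POST so the script runs from the command line.

```php
<?php
// Added example; function names are hypothetical, not from the thread.

function csrf_issue(array &$session): string
{
    // One unpredictable token per session, created on first use.
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function csrf_field(array &$session): string
{
    // Hidden input to embed in every private form.
    $token = htmlspecialchars(csrf_issue($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $token . '">';
}

function csrf_check(array $session, array $post): bool
{
    // Reject when either side is missing or the field is not a string.
    if (empty($session['csrf_token'])
        || !isset($post['csrf_token'])
        || !is_string($post['csrf_token'])) {
        return false;
    }
    // hash_equals() compares the two strings in constant time.
    return hash_equals($session['csrf_token'], $post['csrf_token']);
}

// Constructed sessions for two separate visitors.
$alice = [];
$other = [];
$aliceToken = csrf_issue($alice);
$otherToken = csrf_issue($other);

echo csrf_field($alice), PHP_EOL;

var_dump(csrf_check($alice, ['csrf_token' => $aliceToken])); // token from the user's own form
var_dump(csrf_check($alice, ['csrf_token' => $otherToken])); // token issued to another session
var_dump(csrf_check($alice, []));                            // field missing from the POST
var_dump(csrf_check($alice, ['csrf_token' => ['x']]));       // array submitted instead of a string
```

In a real application, pass $_SESSION and $_POST after session_start(), and run csrf_check() before any state-changing handler.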
Archived
This topic is now archived and is closed to further replies.