Stopping CSRF Attacks in Your PHP Applications
By: Matt Wade
    2007-05-14


    Stopping CSRF Attacks in Your PHP Applications - Fixing the Vulnerability


    (Page 2 of 2 )

    So, how do you fix it? The most common fix is to use a site token that identifies a request as coming from your own site. It is relatively simple to implement and will certainly save you tons of grief. The theory behind it is simple: create a unique, unguessable token, associate it with the user by storing it in the session, and then pass it along with the form as a hidden field. If the token submitted with the request doesn't match the one in the session, don't take action on the request. So, our original form would look like this:

    <?php
    // The session must be started before a token can be stored in it.
    session_start();

    if(!is_logged_in()) {
        // redirect to login page
        exit;
    }
    // Generate the token from a CSPRNG; md5(uniqid(rand(), TRUE)) is predictable
    // and should not be used for this. Tie the token to this user's session.
    $token = bin2hex(random_bytes(16));
    $_SESSION['token'] = $token;

    ?>

    <form method="get" action="updateemail.php">
    <input type="text" name="newemail" />
    <input type="hidden" name="sitetoken" value="<?php echo htmlspecialchars($token, ENT_QUOTES, 'UTF-8'); ?>" />
    <input type="submit" name="submit" value="Submit" />
    </form>

    Then the updateemail.php script would look like this:

    <?php
    // Resume the session so the stored token is available.
    session_start();

    if(!is_logged_in()) {
        // redirect to login page
        exit;
    }

    // Reject the request unless it carries exactly the token stored in this user's
    // session. hash_equals() is a strict, constant-time comparison; the loose !=
    // operator would let numeric-looking strings compare equal.
    if(!isset($_SESSION['token'], $_GET['sitetoken'])
       || !is_string($_GET['sitetoken'])
       || !hash_equals($_SESSION['token'], $_GET['sitetoken'])) {
       echo "Not a valid request!"; exit;
    }

    update_email();
    echo "Your email address has been updated.";

    ?>
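    As an added example that is not code from the article: the same session-token scheme factored into three small helpers (the names csrf_token, csrf_field and csrf_verify are chosen here), so every state-changing form and handler shares one implementation. It runs from the CLI against a constructed $_SESSION array and checks the cases a handler must reject.

```php
<?php
// Added example, not code from the article: the article's session-token check
// factored into reusable helpers (names csrf_token/csrf_field/csrf_verify chosen here).

// Issue the session's token, creating it on first use; one token per login session suffices.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        // random_bytes() is a CSPRNG; md5(uniqid()) is guessable and should not be used.
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to include in every state-changing form.
function csrf_field(): string {
    return '<input type="hidden" name="sitetoken" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '" />';
}

// Verify a submitted request ($_POST preferred, $_GET as in the article). True only when
// the session holds a token, the request carries a string token, and the two match exactly.
function csrf_verify(array $request): bool {
    if (empty($_SESSION['csrf_token']) || !isset($request['sitetoken'])
        || !is_string($request['sitetoken'])) {
        return false;
    }
    // hash_equals(): strict and constant-time. Do not use != here: PHP's loose
    // comparison treats two numeric-looking strings as numbers.
    return hash_equals($_SESSION['csrf_token'], $request['sitetoken']);
}

// Stand-alone check run from the CLI against a constructed $_SESSION array
// (no session_start() on the CLI); in a web request use the real session.
if (PHP_SAPI === 'cli') {
    $_SESSION = [];
    $good = csrf_token();
    $other = bin2hex(random_bytes(32));           // constructed: a different session's token
    $checks = [
        'valid token accepted'           => csrf_verify(['sitetoken' => $good]) === true,
        'missing token rejected'         => csrf_verify([]) === false,
        'wrong token rejected'           => csrf_verify(['sitetoken' => 'abc']) === false,
        'non-string token rejected'      => csrf_verify(['sitetoken' => [$good]]) === false,
        'another session token rejected' => csrf_verify(['sitetoken' => $other]) === false,
    ];
    foreach ($checks as $name => $ok) {
        echo ($ok ? 'PASS ' : 'FAIL '), $name, "\n";
    }
    echo csrf_field(), "\n";
}
```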

    I like fixes like this…quick and simple. You should be able to go through your web application and plug up any holes relatively quickly. Well, I hope that this short article has helped you to see the danger of CSRF attacks and how you can easily stop them from happening. Do you have any other techniques you use to avoid these attacks? If so, please share them!

