Comments on: Cross-Site Request Forgeries (CSRF)

By: artikelverzeichnis

artikelverzeichnis — Sun, 22 Jan 2012 04:14:19 +0000

An interesting dialogue is value comment. I think that you must write more on this topic, it won’t be a taboo subject however usually people are not sufficient to talk on such topics. To the next. Cheers

By: Leticia Schlotfeldt

Leticia Schlotfeldt — Sat, 21 Jan 2012 19:51:07 +0000

I simply wanted to develop a message to thank you for the precious ideas you are giving out at this website. My incredibly long internet search has at the end been honored with reliable information to share with my partners. I would assert that we site visitors actually are really lucky to be in a remarkable community with many lovely individuals with very helpful tricks. I feel somewhat lucky to have seen the site and look forward to really more thrilling times reading here. Thanks a lot once more for all the details.

By: U238

U238 — Wed, 23 Jul 2008 20:00:46 +0000

Good tutorial , thnx bro.

By: Christopher

Christopher — Sat, 05 Jul 2008 13:16:11 +0000

Remember that the goal isn’t about creating a unique hash (though for all intents and purposes, it will be unique), the goal is to simply create a hash that is unguessable within the time the code is valid (say, 10 minutes).

While it is true that a random number and microtime isn’t 100% secure (for reasons that mt_rand() can be predicted under the right conditions), it is nevertheless a pretty good way. You can add a secret salt to the mix if you want more security.

By: Albert

Albert — Fri, 04 Jul 2008 20:49:06 +0000

You should use something like md5(uniqid(rand(0, 99999999), true)) to generate a unique token, because mt_rand(0, 1000) has just 1000 possibilities.

By: syshoLe.com » Blog Archive » CSRF Saldırıları ve Korunma (Bölüm 2)

syshoLe.com » Blog Archive » CSRF Saldırıları ve Korunma (Bölüm 2) — Mon, 03 Dec 2007 10:24:45 +0000

[...] http://devlog.info/2007/09/02/cross-site-request-forgeries-csrf/ [...]