Wednesday, July 29, 2009

handling cross-site request forgery

CSRF exploits the trust an application places in its user. One way to handle CSRF attacks is to submit forms with the POST method. CSRF can also be prevented by adding a secret token to a hidden field of the form and checking it on submission.
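An added example (not code from the original post) of the hidden-field token approach in PHP: the token is generated once per session, emitted in the form, and compared in constant time when the form is posted. It assumes PHP 7 or later for random_bytes() and hash_equals().

```php
<?php
// Added example (not from the original post): synchronizer-token CSRF
// protection for a PHP form. Assumes PHP 7+ (random_bytes, hash_equals).

// Return the per-session CSRF token, creating it on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        // 32 random bytes, hex-encoded: unguessable by a third-party site.
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Emit the hidden field that carries the token with the form submission.
function csrf_field(): string
{
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $token . '">';
}

// Check a submitted token against the session copy in constant time.
function csrf_check(array $post): bool
{
    if (empty($_SESSION['csrf_token']) || !isset($post['csrf_token'])) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], (string) $post['csrf_token']);
}

session_start();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_check($_POST)) {
        // A forged cross-site submission cannot know the token: reject it.
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    // ... handle the trusted form submission here ...
    exit('Form accepted');
}
?>
<form method="post" action="">
  <?= csrf_field() ?>
  <label>Email: <input type="email" name="email"></label>
  <button type="submit">Update</button>
</form>
```

Because the token lives in the session and never in a cookie that the browser would attach automatically, a page on another origin cannot read or supply it, so its forged POST fails the check.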


Question: What is the best measure one can take to prevent a cross-site request forgery?

Answer:

1. Disallow requests from outside hosts
2. Add a secret token to all form submissions
3. Turn off allow_url_fopen in php.ini
4. Filter all output
5. Filter all input
See the book OpenCart 1.4 Template Design Cookbook.
See the book Joomla Mobile Development Beginners Guide.
