Wednesday, July 29, 2009

handling cross-site request forgery

csrf exploits the trust of application on user. csrf attacks are best way to handle by sending a form with post method. There can be a way to prevent csrf with adding a secret token in form hidden field.


Question : What is the best measure one can take to prevent a cross-site request forgery?

Answer:

1. Disallow requests from outside hosts
2. Add a secret token to all form submissions
3. Turn off allow_url_fopen in php.ini
4. Filter all output
5. Filter all input
See the book OpenCart 1.4 Template Design Cookbook.
See the book Joomla Mobile Development Beginners Guide




List of my works:

Technical Support:

If you still face the technical problem, please get support of our highly skilled technical team: garazlab.com.


Wordpress Plugins:
  1. Real-Time Health Data from Every Where:WP plugin to display real-time health data & increase sale by promoting user specific products according to health information: garazlab.com.
  2. Woocommerce Stock Notification Builder:Sends desktop, mobile & email notifications with full customization.Build your own product notification system with it: garazlab.com.

Opencart Extensions:

  1. Product Based Quantity Wise Shipping: Find it here.
  2. OpenSSLCOMMERZ: integrate SSLCOMMERZ with opencart: Find it here.
  3. Fine Search v.1.0 - Improves Opencart search feature to find relevant: Find it here.
  4. Opensweetcaptcha - An easy way to generate attractive captcha for your system!: Find it here.
  5. Custom Field Product - add unlimited custom fields to the product form: Find it here.
  6. Formcaptcha - add captcha on the register page: Find it here.

My Books:

  1. OpenCart 1.4 Template Design Cookbook.
  2. Joomla Mobile Development Beginners Guide

No comments: