Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
M
M
myspace2017-01-25 21:20:51
CSRF
myspace, 2017-01-25 21:20:51

Am I understanding csrf correctly?

Entering a login and password - installing csrf and writing it to the database and to the session - when submitting forms, verifying csrf from the session with csrf from the database. But questions arise, based on what parameters to generate a csrf token?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
D
D3lphi, 2017-01-25
@myspace

Adding to the database is redundant. What settings? Random string + user ip + user agent of the user.

Similar questions
C
Cat Anton2016-08-22 03:06:31
Does it make sense to protect the "Exit" button from CSRF? 3Reply
R
redya692015-01-26 23:34:46
Csrf attacks. Anti-csrf token - a panacea? 1Reply
K
KamilFo2015-03-22 15:53:49
Where to store the contents of the CSRF token in the Backbone client? 1Reply
L
lemonlimelike2017-09-19 21:07:34
What is a CSRF attack? 3Reply
A
Anton2020-04-10 21:13:45
CSRF token generation or other php options? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question