#1 Ntwiles

Preventing CSRF Attacks

Posted 22 January 2014 - 11:26 PM

I'm seeing a lot of different methods going around on how to prevent these attacks, and I'm curious how to make these methods work in conjunction with my current authentication system.

For those unaware (and if I understand it correctly), these attacks are done from a third-party site, by tricking an authenticated user into performing malicious actions from his own browser, via GET or POST data.

Right now I'm storing an authentication token which is a hash based on the user's password and their user agent. I'm curious if I could just embed that same token into a hidden field on all of my forms, and use that to verify that the form originated from my own site.

Can you guys tell if I have a correct understanding of the problem, if my solution would be secure against CSRF attacks as is, and if there are any better solutions?
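
The hidden-field check asked about in the post, as an added example that is not part of the original post or any reply to it: a Python sketch of a per-session form token verified on every state-changing request. All names (`new_session`, `render_form`, `is_request_allowed`, the `csrf_token` field) are hypothetical, and the sketch assumes a separate random token stored in the server-side session rather than the authentication token itself.

```python
import hmac
import html
import secrets

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # must never change server state


def new_session():
    """Create server-side session state (hypothetical structure).

    The CSRF token is generated independently of the session identifier,
    so the value written into page HTML is not the login credential.
    """
    return {
        "session_id": secrets.token_urlsafe(32),  # sent only as a cookie
        "csrf_token": secrets.token_urlsafe(32),  # sent only in form bodies
    }


def render_form(session, action):
    """Embed the session's CSRF token in a hidden field of a POST form."""
    token = html.escape(session["csrf_token"], quote=True)
    target = html.escape(action, quote=True)
    return (
        f'<form method="post" action="{target}">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<button type="submit">Save</button></form>'
    )


def is_request_allowed(session, method, form):
    """Accept a state-changing request only if it carries this session's token.

    A page on another origin can make the browser send the session cookie,
    but it cannot read the hidden field, so it cannot supply the token.
    """
    if method.upper() in SAFE_METHODS:
        return True
    submitted = form.get("csrf_token", "")
    expected = session["csrf_token"]
    # Constant-time comparison avoids leaking the token through timing.
    return hmac.compare_digest(submitted.encode(), expected.encode())
```
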
