CSRF (Cross-site request forgery) attack example and prevention in PHP
Posted
by Saif Bechan
on Stack Overflow
See other posts from Stack Overflow
or by Saif Bechan
Published on 2010-03-26T20:29:19Z
Indexed on
2010/03/26
20:33 UTC
Read the original article
Hit count: 780
I have an website where people can place a vote like this:
http://mysite.com/vote/25
This will place a vote on item 25. I want to only make this available for registered users, and only if they want to do this. Now I know when someone is busy on the website, and someone gives them a link like this:
http://mysite.com/vote/30
then the vote will be places for him on the item without him wanting to do this.
I have read the explanation on the OWASP website, but i don't really understand it
Is this an example of CSFR, and how can I prevent this. The best thing i can think off is adding something to the link like a hash. But this will be quite irritating to put something on the end of all the links. Is there no other way of doing this.
Another thing can someone maybe give me some other example of this, because the website seems fairly fugue to me.
© Stack Overflow or respective owner