[pLog-svn] Anti CSRF solution

Reto Hugi plog at hugi.to
Tue Nov 27 04:17:52 EST 2007

> 1. The easiest way to save us to avoid the CSRF  attack is referal check.
> although it is not friendly to those browser which can not send referal
> urls.
> (We can provide an option for admin, let him decide want to turn it on or
> not)

If we go for your second optino, we don't need option 1 (IMO). Referer 
checks are not worth the work.

> 2. For http-post based operation, like add and update, it is easier to
> porvide the protection by add one-time token. Need to add one hidden input
> to each form that we want to protect.

I have already a working PoC - although with none random nonces - 
implemented in 1.3, so this is really the way to go, it's not as hard as 
I thought, thanks to the adminaction class, which is inherited from in 
all admin actions.

> 3. For http-get based operation, then that's a big problem. We need to
> rewrite them to post-based with one-time token protection, maybe we need a
> AdminUrlGenerator to take care of this easily.

Are you refering to XHR implementations in lt trunk? My PoC doesn't work 
for them yet. I haven't looked at them, yet. Wouldn't it be possible to 
add the nonce as an additional parameter to the request?

More information about the pLog-svn mailing list