[pLog-svn] Anti CSRF solution
Reto Hugi
plog at hugi.to
Tue Nov 27 04:17:52 EST 2007
> 1. The easiest way to save us to avoid the CSRF attack is referal check.
> although it is not friendly to those browser which can not send referal
> urls.
> (We can provide an option for admin, let him decide want to turn it on or
> not)
If we go for your second optino, we don't need option 1 (IMO). Referer
checks are not worth the work.
> 2. For http-post based operation, like add and update, it is easier to
> porvide the protection by add one-time token. Need to add one hidden input
> to each form that we want to protect.
I have already a working PoC - although with none random nonces -
implemented in 1.3, so this is really the way to go, it's not as hard as
I thought, thanks to the adminaction class, which is inherited from in
all admin actions.
> 3. For http-get based operation, then that's a big problem. We need to
> rewrite them to post-based with one-time token protection, maybe we need a
> AdminUrlGenerator to take care of this easily.
Are you refering to XHR implementations in lt trunk? My PoC doesn't work
for them yet. I haven't looked at them, yet. Wouldn't it be possible to
add the nonce as an additional parameter to the request?
More information about the pLog-svn
mailing list