Cross-site Request Forgery
About CSRF Attacks
Cross-site Request Forgery (CSRF) is a type of malicious exploit of a web application where unauthorized commands are submitted from a user that the web application trusts.
Wikipedia (https://en.wikipedia.org/wiki/Cross-site_request_forgery)
This type of attack is not specific to Saturn, but a Saturn application is exposed to it unless steps are taken to prevent it.
Preventing CSRF Attacks
<?php
use Saturn\SecurityManager\CSRF;

// Create the CSRF helper before any output so it can emit the token field.
$CSRF = new CSRF();
?>
<!DOCTYPE html>
<html lang="<?= SATURN_LANGUAGE; ?>">
<head>
<title>Login form</title>
</head>
<body>
<form action="login.php" method="POST">
<?php $CSRF->Set(); // Emits the hidden CSRF token field into the form. ?>
...
</form>
</body>
</html>
<?php
use Saturn\SecurityManager\CSRF;

$CSRF = new CSRF();

// Validate the submitted token against the one issued with the form.
if ($CSRF->Check()) {
// It's safe to proceed.
} else {
// Possible CSRF attack!
}
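To make the Set()/Check() pattern above concrete, here is an added example of a minimal synchronizer-token guard in plain PHP. It is not Saturn's code; the class name CsrfGuard, the session key and the field name are assumptions chosen for this illustration.

```php
<?php
// Added example: a minimal synchronizer-token CSRF guard in plain PHP.
// This illustrates the Set()/Check() pattern; it is NOT Saturn's own
// implementation, and the class, session key and field names are made up.

final class CsrfGuard
{
    private const KEY = '_csrf_token';   // session slot (assumed name)
    private const FIELD = 'csrf_token';  // hidden form field (assumed name)

    public function __construct()
    {
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
    }

    // Emit a hidden input carrying a per-session, unpredictable token.
    public function set(): void
    {
        if (empty($_SESSION[self::KEY])) {
            // 32 random bytes -> 64 hex chars; a third-party page cannot guess it.
            $_SESSION[self::KEY] = bin2hex(random_bytes(32));
        }
        $token = htmlspecialchars($_SESSION[self::KEY], ENT_QUOTES, 'UTF-8');
        echo '<input type="hidden" name="' . self::FIELD . '" value="' . $token . '">';
    }

    // Return true only when the submitted token matches the session token.
    public function check(): bool
    {
        $expected = $_SESSION[self::KEY] ?? '';
        $given = $_POST[self::FIELD] ?? '';
        if ($expected === '' || !is_string($given)) {
            return false; // no token issued, or nothing usable submitted
        }
        // hash_equals compares in constant time, so no timing leak on mismatch.
        return hash_equals($expected, $given);
    }
}

// Rendering the form (GET):  (new CsrfGuard())->set();
// Handling the submit (POST):
//   if (!(new CsrfGuard())->check()) { http_response_code(403); exit; }
```

Reject a failed check with an error response and log it, since a burst of failures is a useful detection signal; setting the session cookie with a SameSite attribute is a complementary second layer, not a replacement for the token.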