Cross-site Request Forgery

About CSRF Attacks

Cross-site Request Forgery (CSRF) is a type of malicious exploit of a web application where unauthorized commands are submitted from a user that the web application trusts.

Wikipedia (https://en.wikipedia.org/wiki/Cross-site_request_forgery)

This type of attack is not specific to Saturn, but a Saturn application is exposed to it unless steps are taken to prevent it.

Preventing CSRF Attacks

form.php
<?php
    use Saturn\SecurityManager\CSRF;
    // Create the CSRF helper so the form can embed a token.
    $CSRF = new CSRF();
?>
<!DOCTYPE html>
<html lang="<?= SATURN_LANGUAGE; ?>">
    <head>
        <title>Login form</title>
    </head>
    <body>
        <form action="login.php" method="POST">
            <?php $CSRF->Set(); // emits the hidden CSRF token field ?>
            ...
        </form>
    </body>
</html>
login.php
<?php
use Saturn\SecurityManager\CSRF;
$CSRF = new CSRF();

// Check() validates the token that Set() placed in the submitted form.
if ($CSRF->Check()) {
    // It's safe to proceed.
} else {
    // Possible CSRF attack!
}
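To show what a Set()/Check() pair has to do under the hood, here is a self-contained synchronizer-token implementation. This is an added example, not Saturn's own code: the function names, the hidden-field name and the session key are this example's assumptions, chosen only to illustrate the pattern.

```php
<?php
// Added example (not Saturn's own code): a minimal synchronizer-token
// implementation of the kind a Set()/Check() pair typically wraps.
// CSRF_FIELD, CSRF_SESSION_KEY and the function names are assumptions.

declare(strict_types=1);

const CSRF_FIELD = 'csrf_token';        // assumed name of the hidden field
const CSRF_SESSION_KEY = '_csrf_token'; // assumed session key

// Start the session if the caller has not done so already.
function csrf_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// Create (or reuse) a per-session token and return it.
function csrf_token(): string
{
    csrf_session();
    if (empty($_SESSION[CSRF_SESSION_KEY])) {
        // 32 bytes from the OS CSPRNG, hex-encoded (64 characters).
        $_SESSION[CSRF_SESSION_KEY] = bin2hex(random_bytes(32));
    }
    return $_SESSION[CSRF_SESSION_KEY];
}

// Render the hidden field for the form (what Set() does in form.php above);
// the value is HTML-escaped before output.
function csrf_field(): string
{
    return '<input type="hidden" name="' . CSRF_FIELD . '" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Validate a submitted token against the session copy (what Check() does).
function csrf_check(array $post): bool
{
    csrf_session();
    $expected = $_SESSION[CSRF_SESSION_KEY] ?? '';
    $given = $post[CSRF_FIELD] ?? '';
    if (!is_string($given) || $given === '' || $expected === '') {
        return false;
    }
    // Constant-time comparison so the token cannot be guessed via timing.
    return hash_equals($expected, $given);
}

// login.php-style handler: only act on a POST that carries a valid token.
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    if (!csrf_check($_POST)) {
        http_response_code(403);
        exit('Possible CSRF attack!');
    }
    // It's safe to proceed with the login.
}
```

Two points worth checking in any such implementation: the token must be tied to the user's session (a fixed or predictable value gives no protection), and every state-changing request must run the check, not only the login form.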
