Cross Site Request Forgery. Working on beating down this demon as we speak, but the gist of it is this: without proper security, someone is able to, for example, send a fake image source file to a user, with the source of the image being the attack. This source could redirect valuable cookie information from your browser through a malicious website and steal some valuable information.
The way I'm going to get around this is with proper hashing, superior PHP session coding, and proper site redirection.
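One way the hashing and session parts of that plan can fit together, shown as an added example and not the author's code: a secret kept in the PHP session, an HMAC token derived from it per form, and a constant-time check on every state-changing request. The function names, the `csrf_secret` session key and the form ids are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Create the per-session secret once; it stays server-side in the session.
function csrf_secret(array &$session): string
{
    if (empty($session['csrf_secret'])) {
        $session['csrf_secret'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_secret'];
}

// Token for one form: HMAC of the form id, keyed with the session secret.
function csrf_token(array &$session, string $formId): string
{
    return hash_hmac('sha256', $formId, csrf_secret($session));
}

// Accept a state-changing request only if it carries the expected token.
function csrf_check(array &$session, string $formId, ?string $submitted): bool
{
    if ($submitted === null || $submitted === '') {
        return false; // cookies alone are never enough
    }
    // hash_equals compares in constant time to avoid leaking the token.
    return hash_equals(csrf_token($session, $formId), $submitted);
}

// Constructed demo data; on a real page call session_start() and pass $_SESSION.
$session = [];
$token = csrf_token($session, 'change_email'); // embedded in a hidden form field

// Case 1: the site's own form posts the token back.
var_dump(csrf_check($session, 'change_email', $token));

// Case 2: a request fired by a third-party image tag; the browser sends the
// session cookie, but the other site cannot read or supply the token.
var_dump(csrf_check($session, 'change_email', null));

// Case 3: a token issued for one form replayed against another.
var_dump(csrf_check($session, 'delete_account', $token));
```

Only the first case passes the check. The token has to travel in the form body or a request header, never in a cookie, since cookies are exactly what the forged request carries automatically.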