Questions tagged as 'csrf'

2
answers

What is CSRF attack and what damage can it cause?

I'm seeing some people mentioning CSRF attacks here on Stack Overflow. What I would like to know is: What is a CSRF attack? How is it done? What damage can it cause? How can I prevent CSRF attacks?
asked by 04.03.2016 / 03:08
2
answers

How to prevent CSRF attack without PHP frameworks?

I have the following files based on other scripts I've tried to study: authenticate.php <?php session_start(); if (isset($_POST['token'], $_POST['login'], $_POST['senha'])) { $token = empty($_SESSION['token']) ? NULL : $_SESSION['to...
asked by 23.02.2016 / 00:54
1
answer

Customize CSRF protection error messages in CodeIgniter

In% with%, if I give a reload F5 on a form's page, the CodeIgniter error is returned. A protection against The action you have requested is not allowed. How do I customize the CSRF of this error message? Instead of...
asked by 26.06.2015 / 04:34
1
answer

What status can I return in an attempt to submit a form without a TOKEN?

I'd like to know what HTTP status I should return in my application if someone is trying to forge a request via form. The application I developed is done in Laravel 4 and I'm using that CSRF_TOKEN. The CSRF_TOKEN...
asked by 13.02.2015 / 14:02
1
answer

Validation CSRF giving error after a time without use

I have an application already running with CodeIgniter and I have CSRF enabled on the system. The problem is in a page that has a form that sends to itself, is a filter, but it is the following, the user does the post and has the results on the...
asked by 13.08.2014 / 15:07
1
answer

Doubts, API RESTful x Angular x CSRF

I'm developing an application, in the backend I'm developing a Restful in PHP, and in the front, Angular. I have a simple question about CSRF protection: Do I need to protect against CSRF? If yes, how can I make it fully stateless?
asked by 10.11.2017 / 21:30
2
answers

Django rest and angularjs error cors

I'm using Django REST and AngularJS 1.x in a project, in case this backend and frontend project are isolated, I'm using a gulp server to run AngularJS, but when I try to access the REST API through the $http.get of Angular, the browser...
asked by 23.07.2016 / 03:35
1
answer

Using a token in an HTML form does it actually protect against CSRF?

Cross-site request forgery - CSRF is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user who trusts the website. Unlike cross-site scripting (XSS), which exploits a user's trust for a particula...
asked by 13.02.2015 / 14:09
0
answers

Find file that generated error CSRF TOKEN

I have set up the handler file for every time an error occurs on the server, I receive an email with the details. So today I received an email with the following error: array (3) {["message"] => string (0) "" ["file"] =>...
asked by 29.09.2018 / 02:22
0
answers

Attempting to access browserconfig.xml can be some kind of attack?

Here in the company where I work, we put in a certain system, made in Laravel 4, a system of sending of emails every time some type of error occurs in requests. We started to distrust some activities, which I will list below, since some see I...
asked by 03.07.2015 / 14:32