PhpRiot
News Archive
PhpRiot Newsletter
Your Email Address:

More information

NetTuts.com: Protect a CodeIgniter Application Against CSRF

Note: This article was originally published at PHPDeveloper on 19 April 4768.
PHPDeveloper

In a recent post to NetTuts.com, they show you how to protect your CodeIgniter application from cross-site request forgery (CSRF) attacks by using tokens in your forms and pages to make things more "one time" and unique to the site.

In today's tutorial, we will learn how to painlessly protect your CodeIgniter (pre 2.0) application against Cross-Site Request Forgery attacks. The library we'll be creating today will automate all of the protection mechanisms, making your site stronger and more secure.

They've broken it up into a few different sections to dole it out in easy to follow chunks:

  • Understanding the Attack Vector
  • Planning
  • Token Generation
  • Token Validation
  • Inject Tokens into the Views
  • Hooks

You can also download the full source of the library.