NetTuts.com: Protect a CodeIgniter Application Against CSRF
In a recent post to NetTuts.com, they show you how to protect your CodeIgniter application from cross-site request forgery (CSRF) attacks by using tokens in your forms and pages to make things more "one time" and unique to the site.
In today's tutorial, we will learn how to painlessly protect your CodeIgniter (pre 2.0) application against Cross-Site Request Forgery attacks. The library we'll be creating today will automate all of the protection mechanisms, making your site stronger and more secure.
They've broken it up into a few different sections to dole it out in easy to follow chunks:
- Understanding the Attack Vector
- Token Generation
- Token Validation
- Inject Tokens into the Views
You can also download the full source of the library.