[PHP] References for Solving CSRF Attack Problems

Every time you build a project that is open to public access, it will certainly be "exposed" to various kinds of cyber attacks.

Among them are cross-site scripting and Cross-Site Request Forgery (CSRF).

This entry focuses on solutions for CSRF.

From searching the internet, the following solutions (and guides for understanding the problem) may be suitable references.

  1. http://shiflett.org/articles/cross-site-request-forgeries
  2. https://gist.github.com/ziadoz/3454607
  3. http://resources.infosecinstitute.com/fixing-csrf-vulnerability-in-php-application/
  4. https://www.sitepoint.com/preventing-cross-site-request-forgeries/
  5. http://stackoverflow.com/questions/6287903/how-to-properly-add-csrf-token-using-php
