File: readme.txt

  Classes of Francesco Cirać  >  Token  >  readme.txt  >  Download  
Role: Documentation
Content type: text/plain
Description: Readme file
Class: Token
Generate and check tokens to avoid CSRF attacks
Date: 5 years ago
Size: 1,019 bytes
 

== Token
== A PHP class for CSRF prevention.

= What is Token
Token is a simple-to-use PHP class that implements a session token system
for web applications. Its purpose is to prevent CSRF (Cross Site Request
Forgery) attacks.

= About CSRF
Cross Site Request Forgery is a widespread vulnerability in web
applications.
Using CSRF, an attacker can make a user perform actions within the user's
own session.
CSRF is an underestimated threat. It is often forgotten, although it is more
dangerous than other attacks (who cares about a stupid XSS?).
A very good paper about CSRF is at: http://citp.princeton.edu/csrf/.

= Using Token
Token usage is very simple. It is explained in the example file.
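
The example file is not reproduced here. The following is an added sketch of
the session token pattern described above; it is not the Token class's own
code or API. The function names and the 'csrf_token' key are hypothetical,
and PHP 7 or later is assumed (for random_bytes).

```php
<?php
// Added illustration of a per-session CSRF token; NOT the Token class API.
// Function names and the 'csrf_token' key are assumptions for this example.

function csrf_token_issue(array &$session): string
{
    // 32 bytes from the CSPRNG, hex-encoded, stored only in this session.
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function csrf_token_check(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    // Reject missing or non-string values (e.g. csrf_token[]=x) up front.
    if (!is_string($expected) || !is_string($supplied) || $expected === '') {
        return false;
    }
    // hash_equals compares in constant time, so timing leaks nothing.
    return hash_equals($expected, $supplied);
}

function csrf_field(string $token): string
{
    // Hidden form field that carries the token back with the request.
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">';
}

// Constructed demo: plain arrays stand in for $_SESSION and $_POST.
$session = [];
$token = csrf_token_issue($session);
echo csrf_field($token), PHP_EOL;

$cases = [
    'form post with token' => ['csrf_token' => $token],
    'request without token' => ['amount' => '100'],
    'request, wrong token' => ['csrf_token' => str_repeat('0', 64)],
    'array-typed token' => ['csrf_token' => ['x']],
];
foreach ($cases as $label => $post) {
    $ok = csrf_token_check($session, $post);
    printf("%-24s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```

Only the first case is accepted; in a real application the check runs
before any state-changing request handler.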

= Token License
Token has no license. Simply do what you want.
I just enjoyed coding Token, don't care about.

= Author contacts
Website: http://sydarex.org
Email: sydarex@gmail.com

= Credits
Token is inspired by the work of Claudio Guarnieri (nex) of PlayHack on the
Seride library (http://www.playhack.net).