cohoe / starrs-web

Web interface to STARRS
www.grantcohoe.com

CSRF protection #94

Open worr opened 12 years ago

worr commented 12 years ago

Hey, CSRF protection is available in CodeIgniter for free. Use it.

http://codeigniter.com/user_guide/libraries/security.html

You could do a really tricky DNS rebinding trick combined with some CSRF currently to register machines as arbitrary users, if you send them to a doctored page.

cohoe commented 12 years ago

Need to switch to use CI's form_helper
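
What the two comments above point to, as an added example that is not part of the thread or of starrs-web's own code: turning on CodeIgniter 2.x's built-in CSRF check and building a form through the form helper so the token field is emitted automatically. The route `systems/create` and the field name `system_name` are hypothetical.

```php
<?php
// --- application/config/config.php (CodeIgniter 2.x) ---
// The shipped default is FALSE, which leaves POST forms without a token check.
$config['csrf_protection']  = TRUE;
$config['csrf_token_name']  = 'csrf_test_name';   // hidden field name (CI's shipped value)
$config['csrf_cookie_name'] = 'csrf_cookie_name'; // cookie name (CI's shipped value)
$config['csrf_expire']      = 7200;               // token lifetime in seconds
?>

<?php
// --- a view, with the helper loaded in the controller via
//     $this->load->helper('form'); ---
// form_open() adds the hidden CSRF field itself once csrf_protection is TRUE,
// which is why forms written as raw <form> tags need to move to the helper.
echo form_open('systems/create');        // hypothetical route
echo form_input('system_name');          // hypothetical field
echo form_submit('submit', 'Create');
echo form_close();
?>

<!-- A form that stays hand-written has to emit the token field explicitly: -->
<form method="post" action="<?php echo site_url('systems/create'); ?>">
  <input type="hidden"
         name="<?php echo $this->security->get_csrf_token_name(); ?>"
         value="<?php echo $this->security->get_csrf_hash(); ?>" />
  <input type="text" name="system_name" />
  <input type="submit" value="Create" />
</form>
```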