PHPMaster: Preventing Cross-Site Request Forgeries


Cross-site request forgery (CSRF) is a common and serious exploit in which a user is tricked into performing an action he didn’t explicitly intend to perform. This can happen when, for example, the user is logged in to one of his favorite websites and clicks a seemingly harmless link. In the background, his profile information is silently updated with an attacker’s e-mail address. The attacker can then use the website’s password reset feature to e-mail herself a new password, and she has just stolen the account.

Excerpt from:
PHPMaster: Preventing Cross-Site Request Forgeries
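
The profile e-mail change described above is the kind of state-changing request a CSRF defence has to cover. As an added example (not code from the article or its author), this PHP handler accepts the change only by POST with a per-session token; the form field names, session keys and the `update_profile_email()` stand-in are assumptions, and the session is assumed to be already authenticated.

```php
<?php
// Added example: hypothetical profile e-mail update endpoint, not from the article.
declare(strict_types=1);

session_start(); // assumption: the user has already logged in on this session

/** Return the per-session CSRF token, creating it on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** Constant-time comparison of a submitted token with the session's token. */
function csrf_token_is_valid($submitted): bool
{
    return is_string($submitted)
        && !empty($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

/** Stand-in for the real persistence layer (assumption): keeps the address in the session. */
function update_profile_email(string $email): void
{
    $_SESSION['profile_email'] = $email;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // A forged cross-site request carries the session cookie but cannot read the token.
    if (!csrf_token_is_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token.');
    }
    $email = filter_var($_POST['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        http_response_code(422);
        exit('Invalid e-mail address.');
    }
    update_profile_email($email);
    exit('E-mail address updated.');
}
// GET only renders the form and never changes state, so a clicked link alone cannot update the profile.
?>
<form method="post" action="">
    <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
    <input type="email" name="email" required>
    <button type="submit">Update e-mail</button>
</form>
```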

Martin Psinas

Martin E. Psinas is a self-taught web developer and published author, and is currently studying Japanese. For more information, visit his website.
