Prevent forged cross-site requests (RPM)

Source: Internet
Author: User
Tags: security essentials


Cross-site Scripting

Helped along by media coverage, cross-site scripting (XSS) has become a focus of attention, and it deserves that attention. XSS is the most common security risk in Web applications, and many popular open-source PHP applications are plagued by XSS vulnerabilities.

XSS attacks occur under the following conditions:

  • A particular site that the user trusts.

    The user does not need to trust the site highly, but the browser does. For example, when a browser sends cookies with a request, it is trusting the target site. Users may behave differently, and apply different levels of caution, on different websites.

  • Typically, a site that displays data from external sources.

    <?php
    // Crumb: a per-user, time-windowed anti-CSRF token (the page's example, cleaned up).
    class Crumb {
        const SALT = 'your-secret-salt';   // server-side secret; never sent to the browser
        public static $ttl = 7200;         // window length in seconds

        public static function challenge($data) {
            return hash_hmac('md5', $data, self::SALT);
        }

        // Issue a crumb bound to the current time window, the action and the user id.
        public static function issueCrumb($uid, $action = -1) {
            $i = ceil(time() / self::$ttl);
            return substr(self::challenge($i . $action . $uid), -12, 10);
        }

        // Accept a crumb from the current window or the previous one, so a form
        // rendered shortly before a window boundary can still be submitted.
        public static function verifyCrumb($uid, $crumb, $action = -1) {
            $i = ceil(time() / self::$ttl);
            if (substr(self::challenge($i . $action . $uid), -12, 10) == $crumb
                || substr(self::challenge(($i - 1) . $action . $uid), -12, 10) == $crumb) {
                return true;
            }
            return false;
        }
    }

    $uid = 112;
    if (isset($_POST['submit'], $_POST['crumb']) && $_POST['submit'] == 'Submit') {
        echo Crumb::verifyCrumb($uid, $_POST['crumb']) ? 'Good' : 'Bad';
    }
    ?>
    <form method="POST">
        <input type="hidden" name="crumb" value="<?php echo Crumb::issueCrumb($uid); ?>">
        <input type="text" name="content">
        <input type="submit" name="submit" value="Submit">
    </form>

  • A site that trusts the user's identity.

    The user's identity plays an important role here, but even with a secure session-management mechanism, CSRF attacks can still succeed. In fact, CSRF attacks are more effective in exactly this situation.

  • An attacker who can cause HTTP requests to be made at will.

    Every CSRF attack involves an attacker forging an HTTP request that appears to have been initiated by another user (in fact, getting a user's browser to send an HTTP request is the attacker's goal). There are several techniques that can accomplish this; an example using one such technique is shown later.

Because CSRF attacks involve forged HTTP requests, familiarity with the underlying HTTP protocol is very important.

Introduction to forged cross-site requests

Forged cross-site requests are harder to guard against and can cause great harm, such as mischief, spam, data deletion and so on. Common forms of this attack are:

  • Forging a link and enticing the user to click it, or having the user visit it without realising.

  • Forging a form and enticing the user to submit it. The form can be hidden, or disguised as an image or a link.

A common and inexpensive precaution is to include a random, frequently changed string in every form that may involve a user write, and to check that string when the form is processed. If this random string is tied to the current user's identity, it becomes harder for an attacker to forge the request.

Yahoo's approach to cross-site request forgery is to add a random string called a crumb to the form. Facebook has a similar solution: its forms often contain post_form_id and FB_DTSG.

Instance:
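The crumb scheme described above, as an added example that is not the page's own code: a reworked crumb class with an injectable clock, so the two-window acceptance rule (current and previous TTL window) can be exercised on fixed timestamps. The salt, the timestamps and the 'post'/'delete' action names are constructed; unlike the page's version it separates the HMAC inputs with a delimiter and compares with hash_equals.

```php
<?php
// Added example, not the page's own code: the crumb scheme above with an
// injectable clock so the window behaviour can be checked on fixed timestamps.
final class CrumbDemo
{
    const SALT = 'constructed-secret-salt-replace-me';   // constructed placeholder
    const TTL  = 7200;                                   // seconds per window, as on the page

    // Index of the TTL window that contains $now (same formula as the page's code).
    private static function window(int $now): int
    {
        return (int) ceil($now / self::TTL);
    }

    // Crumb for one window: HMAC over window|action|uid, truncated like the page's code.
    private static function token(int $window, int $uid, string $action): string
    {
        $mac = hash_hmac('sha256', $window . '|' . $action . '|' . $uid, self::SALT);
        return substr($mac, -12, 10);
    }

    public static function issue(int $uid, string $action, int $now): string
    {
        return self::token(self::window($now), $uid, $action);
    }

    // Accept the current window and the previous one, so a form rendered just
    // before a boundary still submits; hash_equals avoids a timing side channel.
    public static function verify(int $uid, string $action, string $crumb, int $now): bool
    {
        $w = self::window($now);
        foreach ([$w, $w - 1] as $candidate) {
            if (hash_equals(self::token($candidate, $uid, $action), $crumb)) {
                return true;
            }
        }
        return false;
    }
}

// Walkthrough on a fixed clock (constructed values; 'post' and 'delete' are made-up actions).
$uid   = 112;
$t0    = 1700000000;                                   // moment the form was rendered
$crumb = CrumbDemo::issue($uid, 'post', $t0);
var_dump(CrumbDemo::verify($uid, 'post', $crumb, $t0));                       // same window
var_dump(CrumbDemo::verify($uid, 'post', $crumb, $t0 + CrumbDemo::TTL));      // previous window
var_dump(CrumbDemo::verify($uid, 'post', $crumb, $t0 + 2 * CrumbDemo::TTL));  // two windows later
var_dump(CrumbDemo::verify(113,  'post', $crumb, $t0));                       // another user's crumb
var_dump(CrumbDemo::verify($uid, 'delete', $crumb, $t0));                     // different action
```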

Reference:

PHP Security Guide http://hhacker.com/files/200709/1/index.html

PHP Security Essentials http://www.97find.cn/PHP/
