Small moves to prevent the forgery of Cross station requests

Introduction to forged cross-station requests

The forgery of cross station requests is more difficult to guard against, and the harm is great, in this way attackers can play pranks, send spam information, delete data, and so on. Common manifestations of this attack are:

Forge links, entice users to click, or let the user unknowingly access

Forge forms and entice users to submit them. The form can be hidden, disguised as a picture or link.

A more common and inexpensive precaution is to include a random, frequently converted string in all forms that may involve user writes, and then check the string when processing the form. If this random string is associated with the current user identity, then the attacker would be more troublesome to forge the request.

Yahoo's approach to forging cross-site requests is to add a random string of called. Crumb to the form, and Facebook has a similar solution, and its table dropdowns often have post_form_id and FB_DTSG.

Random string Code implementation

We follow this idea, cottage a crumb implementation, the code is as follows:

<?php

Class Crumb {

CONST SALT = "Your-secret-salt";

static $ttl = 7200;

Static public Function Challenge ($data) {

Return Hash_hmac (' MD5 ', $data, Self::salt);

}

static public Function Issuecrumb ($uid, $action =-1) {

$i = Ceil (Time ()/self:: $TTL);

Return substr (Self::challenge ($i. $action. $uid),-12, 10);

}

static public Function Verifycrumb ($uid, $crumb, $action =-1) {

$i = Ceil (Time ()/self:: $TTL);

if (substr self::challenge ($i. $action $uid), -12 = = $crumb

substr (Self::challenge ($i-1). $action. $uid), -12 (+) = = $crumb)

return true;

return false;

}

}

The $uid in the code represents the user's unique identity, while the $TTL represents the valid time for the random string.

Application Example

Construct a form

Inserts a hidden random string in the form crumb

<form method= "POST" action= "demo.php" > <input type= "hidden" name= "crumb" value= "<?php Echo Crumb:: Issuecrumb ($uid)?> "> <input type=" text name= "Content" > <input type= "Submit" > </form>

working with Forms demo.php

Check the Crumb

<?php

if (Crumb::verifycrumb ($uid, $_post[' crumb ')) {

Process a form in the normal process

} else {

Crumb checksum failure, error prompt process

}