[Solved] Any thing better than CSRF
#2

No, I think it would not work as CSRF in all circumstances.

For instance it might work on a login screen. Fine. But CSRF is a problem much deeper than login. It exploits the trust a site has for a user, making it seem like a request that was not issued by the user intentionally was sent by the user to a site they happen to be logged into.

So you would need robot checking on every form. Imagine an admin screen. You might have fifty pages with forms on them. Each page would say 'am I a human' and worse, challenge the user every five minutes with a 'what is this text' type question every time it decided it was not sure if it was a human still.

So yes, it would work on a single form, preferably on a contact form or a login form, the sort of place you want that sort of check, as you do not want a robot pumping away trying emails and passwords endlessly. However, CSRF is about making sure all, and any post, from your site is from a form that was actually delivered from your server. Especially when a user is logged in genuinely.

Personally, for me CSRF has always worked perfectly and as intended. I have never had any issues with it at all. Even with AJAX it is quite straightforward to work with.

Best wishes,

Paul.
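The distinction drawn in the post above, as an added example that is not part of the original post or of any framework's code: a one-off robot check recorded in the session does not tell a genuine form post from a forged one, while a per-session token embedded in the served form does. The session store, function names and field names are hypothetical, and the requests are constructed.

```python
import hmac
import secrets

# Constructed in-memory session store; ids and field names are hypothetical.
SESSIONS = {}

def login(user, passed_human_check=True):
    """Create a session, as a login form with a robot check would."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {
        "user": user,
        "human": passed_human_check,               # one-off CAPTCHA result
        "csrf_token": secrets.token_urlsafe(32),   # secret tied to this session
    }
    return sid

def render_form(sid):
    """Fields of a form delivered by our server: the token is embedded in it."""
    return {"csrf_token": SESSIONS[sid]["csrf_token"], "email": ""}

def handle_post_human_check_only(cookie_sid, fields):
    """Accepts any POST from a session that once passed the robot check."""
    session = SESSIONS.get(cookie_sid)
    return bool(session and session["human"])

def handle_post_with_csrf(cookie_sid, fields):
    """Accepts a POST only if it carries the token from a form we served."""
    session = SESSIONS.get(cookie_sid)
    if session is None:
        return False
    sent = str(fields.get("csrf_token", ""))
    # Constant-time comparison on bytes avoids leaking the token via timing.
    return hmac.compare_digest(sent.encode(), session["csrf_token"].encode())

def demo():
    sid = login("admin")
    # Genuine: the user fills in the form our server rendered.
    genuine = dict(render_form(sid), email="new@example.test")
    # Forged: another site makes the browser POST; the session cookie is
    # attached automatically, but that site never saw our form or its token.
    forged = {"email": "other@example.test"}
    return {
        "human_only_genuine": handle_post_human_check_only(sid, genuine),
        "human_only_forged": handle_post_human_check_only(sid, forged),
        "csrf_genuine": handle_post_with_csrf(sid, genuine),
        "csrf_forged": handle_post_with_csrf(sid, forged),
        "csrf_wrong_token": handle_post_with_csrf(sid, dict(forged, csrf_token="guess")),
    }

if __name__ == "__main__":
    print(demo())
```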


Messages In This Thread
RE: Any thing better than CSRF - by PaulD - 12-16-2016, 11:44 AM
RE: Any thing better than CSRF - by wolfgang1983 - 12-16-2016, 01:33 PM
RE: Any thing better than CSRF - by PaulD - 12-16-2016, 03:57 PM
RE: Any thing better than CSRF - by wolfgang1983 - 12-16-2016, 09:11 PM
RE: Any thing better than CSRF - by Diederik - 12-17-2016, 02:30 AM
RE: Any thing better than CSRF - by wolfgang1983 - 12-17-2016, 03:24 AM
RE: Any thing better than CSRF - by wolfgang1983 - 12-20-2016, 01:10 AM
RE: Any thing better than CSRF - by skunkbad - 12-17-2016, 03:23 PM
RE: Any thing better than CSRF - by wolfgang1983 - 12-17-2016, 03:40 PM
RE: Any thing better than CSRF - by kenjis - 12-17-2016, 05:12 PM
RE: Any thing better than CSRF - by Diederik - 12-20-2016, 03:13 AM
RE: Any thing better than CSRF - by wolfgang1983 - 12-22-2016, 08:21 PM


