• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[Solved] Any thing better than CSRF

#13
I think I have found solution now.

I don't get CSRF error now when I use form helper functions like example

PHP Code:
<?php echo form_open_multipart('controller/function');>

<?
php echo form_input('username''username');?>

<?php echo form_close();?>

If I have input like below then the CSRF error will show


PHP Code:
<?php echo form_open_multipart('controller/function');>

<
input type="text" name="username" />

<?
php echo form_close();?>

So I think it's best to use all form helper functions

I can now use $config['csrf_regenerate'] = TRUE; with out error showing and Not extending Security


PHP Code:
$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'my_post_key';
$config['csrf_cookie_name'] = 'cookie_name';
$config['csrf_expire'] = 7200;
$config['csrf_regenerate'] = TRUE;
$config['csrf_exclude_uris'] = array(); 
There's only one rule - please don't tell anyone to go and read the manual.  Sometimes the manual just SUCKS!
Reply


Messages In This Thread
RE: Any thing better than CSRF - by PaulD - 12-16-2016, 11:44 AM
RE: Any thing better than CSRF - by wolfgang1983 - 12-16-2016, 01:33 PM
RE: Any thing better than CSRF - by PaulD - 12-16-2016, 03:57 PM
RE: Any thing better than CSRF - by wolfgang1983 - 12-16-2016, 09:11 PM
RE: Any thing better than CSRF - by Diederik - 12-17-2016, 02:30 AM
RE: Any thing better than CSRF - by wolfgang1983 - 12-17-2016, 03:24 AM
RE: Any thing better than CSRF - by wolfgang1983 - 12-20-2016, 01:10 AM
RE: Any thing better than CSRF - by skunkbad - 12-17-2016, 03:23 PM
RE: Any thing better than CSRF - by wolfgang1983 - 12-17-2016, 03:40 PM
RE: Any thing better than CSRF - by kenjis - 12-17-2016, 05:12 PM
RE: Any thing better than CSRF - by Diederik - 12-20-2016, 03:13 AM
RE: Any thing better than CSRF - by wolfgang1983 - 12-22-2016, 08:21 PM

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2019 MyBB Group.