Welcome Guest, Not a member yet? Register   Sign In
Prevent multi upload with users
#8

(07-18-2018, 12:39 PM)Pertti Wrote:
(07-18-2018, 12:12 PM)omid_student Wrote: No my problem is not file type or content
My problem is only upload file from app and prevent upload file with username and password with restful tools or php
I try prevent with useragent or api key special for mobile but it is not necessary

CSRF is not for file type, it's for making sure the incoming requests originate from server in the first place.

There's more stuff on it here:
https://www.owasp.org/index.php/Cross-Si...heat_Sheet

Finally i deiced to generate token and get it from app and send it for each request and check it in server
I save token in session for 7200s and use JWT for token
Reply


Messages In This Thread
Prevent multi upload with users - by omid_student - 07-18-2018, 08:39 AM
RE: Prevent multi upload with users - by Pertti - 07-18-2018, 11:16 AM
RE: Prevent multi upload with users - by Pertti - 07-18-2018, 11:51 AM
RE: Prevent multi upload with users - by Pertti - 07-18-2018, 12:39 PM
RE: Prevent multi upload with users - by omid_student - 07-18-2018, 02:04 PM



Theme © iAndrew 2016 - Forum software by © MyBB