Search Results

Search found 110 results on 5 pages for 'csrf'.

Page 2/5 | < Previous Page | 1 2 3 4 5  | Next Page >

• Does anyone see any downsides of doing the following to prevent CSRF?

  - by Spines

  I'm wondering if the following method will completely prevent CSRF, and be compatible with all users. Here it is: In the form just include an extra parameter that is: encrypted(user's userID + request time). Server-side just decrypt and make sure it's the right userID and the request time was reasonably recent. Aside from someone sniffing the…

  Read the article

• PHP - CSRF - How to make it works in all tabs?

  - by Erik Persson

  Hi there, I have readed about how to prevent CSRF-attacks in the last days. I am going to update the token in every pageload, save the token in the session and make a check when submitting a form. But what if the user has, lets say 3 tabs open with my website, and I just store the last token in the session? This will overwrite the token with…

  Read the article

• Django with custom authentication backends, is Csrf middleware really required ?

  - by Hellnar

  Hello, Under Django 1.1.1, I am using several authentication backends such as social-registration for facebook connect and django-emailauth for email based authentication instead of user names. I am curious if the Csrf middleware is an essential security measure as it seems like it sometimes generates problems, especially with facebook…

  Read the article

• CSRF error when trying to log onto Django admin page with w3m on Emacs23

  - by Vernon

  I normally use Firefox and have had no problems with the admin page on my Django website. But I use Emacs23 for writing my posts, and wanted to be able to use w3m in Emacs to copy the stuff across. When I try to log into my admin pages, it gives the CSRF error: CSRF verification failed. Request aborted. Help Reason given for…

  Read the article

• Why do I get a 403 error while accessing a wap django application with csrf middleware enabled?

  - by S.c.

  As the title says. Any ideas? When accessing from desktop browser it's all ok.

  Read the article

• What XSS/CSRF attacks (if any) to be aware of when allowing video embeds?

  - by fireeyedboy

  I've been assigned a project for a website where users will be allowed to upload video's (using a YouTube API) but more importantly (for me) they will also be allowed to submit video embed codes (from numerous video sites, YouTube, Vimeo, etc. etc.). Having no experience with allowing users to embed video: How can I best protect…

  Read the article

• CSRF verification failed, but only with Facebook App

  - by dkgirl

  I am creating a Facebook App using Django. When I access my webpage directly then it works fine. I have then added this webpage as the Facebook canvas URL, so that users are directed to this page when they go to the App. Now, when I enter the App, I get the "CSRF verification failed" error. I think it's because facebook is…

  Read the article

• django-uni-form helpers and CSRF tags over POST

  - by linked

  Hi, I'm using django-uni-forms to display my fields, with a rather rudimentary example straight out of their book. When I render the form fields using <form>{%csrf_tag%} {%form|as_uni_form%}</form>, everything works as expected. However, django-uni-form Helpers allow you to generate the form tag (and other…

  Read the article

• Django and ajax image file upload errors and csrf

  - by sharkfin

  I tried out Alex Kuhl's ajax script to upload images to Django 1.4. My first question is why I'm getting an empty page with firebug telling me I have two errors: fileuploader.js (line 4): syntax error <!DOCTYPE html> In my template html: qq is not defined var uploader = new…

  Read the article

• Error while using csrf

  - by iHeartDucks

  This is my view function @csrf_request def view_function(request, template_name): c = {} return return render_to_response(template_name, {'recipe' : objRecipeForm}, c, context_instance=RequestContext(request)) I also used a {% csrf_token %} in my template The error I get is render_to_string() got multiple…

  Read the article

• Where can I learn various hacking techniques on the web?

  - by Carson Myers

  I would like to try my hand at hacking -- that is, exploiting various website vulnerabilities. Not for any illegal purpose mind you, but so I can have a better understanding and appreciation of these exploits while writing my own web software. I seem to recall that there was a community that hosted a bunch of demo…

  Read the article

• Prevent Cross-Site Request Forgery in a Spring WebFlow Application

  - by Eric J.

  I'm looking for a (hopefully straightforward) way to add CSRF protection to an application build on Spring WebFlow 2. An approach that migrates well to Spring WebFlow 3 (when released) is preferred.

  Read the article

• dotnetopenauth token ? is it required?

  - by df

  Hi, I've implementend openId login system on my site and it works ok, but when i compare what is send to openidprovider and back is different with that what is send by stackoverflow.com for example whis send s paramenter and token parameter? Are these parameteres custom parameters send by stackoverflow or…

  Read the article

• client generated double submit cookie, cross site request forgery prevention

  - by james

  in a double-submitted cookie csrf prevention scheme, is it necessary for the server to provide the cookie? it seems i could have javascript on the clients page generate and set a cookie "anti_csrf", then double submit that (once as a cookie, done by the browser, and once in the body of the request). a…

  Read the article

• My jquery AJAX POST requests works without sending an Authenticity Token (Rails)

  - by dchua

  Hi all, Is there any provisions in rails that would allow all AJAX POST requests from the site to pass without an authenticity_token? I have a Jquery POST ajax call that calls a controller method, but I did not put any authenticity code in it and yet the call succeeds. My ApplicationController does…

  Read the article

• For securing forms, when do I issue the token?

  - by AQuestionADayKeepsTheDrAway

  So, I have a form, to make it a little more secure and potentially help prevent CSRF attacks I want to add a random token value in a hidden field that value is also stored server side in my session data. When should I issue a new token? Per form? Per page load where there is any form? Per session? I…

  Read the article

• PHP session token can be used multipletimes?

  - by kornesh

  I got page A which is a normal HTML page and page which is an AJAX response page. And I want to prevent CSRF attacks by tokens. Lets say I use this method for an autocomplete form, is it possible to use same token multiple times (of course the session is only set one time) because i tired this method…

  Read the article

• struts2 invalid.token returned when form submitted using JQuery

  - by John

  Hi, I have inherited some code in which I now have to add CSRF prevention and am trying to use the struts2 tokenSession interceptor to do this. I am adding a token to my form using the struts2 token tag like so: <form id="updateObject" name="updateObject"…

  Read the article

• MVC 2 AntiForgeryToken - Why symmetric encryption + IPrinciple?

  - by Brad R

  We recently updated our solution to MVC 2, and this has updated the way that the AntiForgeryToken works. Unfortunately this does not fit with our AJAX framework any more. The problem is that MVC 2 now uses symmetric encryption to encode some properties about…

  Read the article

• Cross-site request forgery protections: Where do I put all these lines?

  - by brilliant

  Hello, I was looking for a python code that would be able to log in from "Google App Engine" to some of my accounts on some websites (like yahoo or eBay) and was given this code: import urllib, urllib2, cookielib url =…

  Read the article

• How to allow my Asp.net MVC 3 web app using MathJax to accept user input $x<y>z$ ?

  - by Recycle Bin

  I am developing a mathematics site using Asp.Net MVC 3 + Razor + MathJax. MathJax is a javascript library to render TeX or LaTeX codes on the web browser. And TeX or LaTeX codes represent mathematics contents such as an…

  Read the article

• How to use Zend Framework Form Hash (token) with AJAX

  - by nvoyageur

  I have included Zend_Form_Element_Hash into a form multiplecheckbox form. I have jQuery set to fire off an AJAX request when a checkbox is clicked, I pass the token with this AJAX request. The first AJAX request works…

  Read the article

• How do I solve an AntiForgeryToken exception that occurs after an iisreset in my ASP.Net MVC app?

  - by Colin Newell

  I’m having problems with the AntiForgeryToken in ASP.Net MVC. If I do an iisreset on my web server and a user continues with their session they get bounced to a login page. Not terrible but then the AntiForgery…

  Read the article

• runtime loading of ValidateAntiForgeryToken Salt value

  - by p.campbell

  Consider an ASP.NET MVC application using the Salt parameter in the [ValidateAntiForgeryToken] directive. The scenario is such that the app will be used by many customers. It's not terribly desirable to have the…

  Read the article

• Is using GET with a tokenID for security a good idea?

  - by acidzombie24

  I was thinking about this and it appears POST only a little less vulnerable and somewhat harder (do to requiring the user to click something). I read about token ids and double submitted cookies and i am not…

  Read the article

< Previous Page | 1 2 3 4 5  | Next Page >