Index Ongoing Releases Open issues

Enhancement A-Z Ongoing

CSRF protection

Developer comments

From https://www.owasp.org/index.php/CSRF: ["CSRF attacks target functionality that causes a state change on the server, such as changing the victim's email address or password, or purchasing something. Forcing the victim to retrieve data doesn't benefit an attacker because the attacker doesn't receive the response, the victim does. As such, CSRF attacks target state-changing requests. "]

Reporting date

2014-12-29

Resolving date

2016-10-17

Resolved by

Robert Cerny

Resolved in version

Topincs 7.7.1

Part of

Harden Topincs(Enhancement)

Work sessions7

6293

6294

6295

6296

6297

6298

6299

Helpful webpages10

www.owasp.org/index.php/PHP_CSRF_Guard

de.wikipedia.org/…oss-Site-Request-Forgery

www.owasp.org/index.php/CSRF

en.m.wikipedia.org/…s-site_request_forgery

security.stackexchange.com/…r-form-request

stackoverflow.com/…-a-token-for-every-form

stackoverflow.com/…oken-per-request-or-not

stackoverflow.com/…ut-sessions-or-database

programmers.stackexchange.com/…ons-cookies

stackoverflow.com/…dd-csrf-token-using-php

We are sorry

This page cannot be displayed in your browser. Use Firefox, Opera, Safari, or Chrome instead.

Saving …

Before we continue …

Sort

No internet connection

Refreshed unknown