DokuWiki


devel:security

Differences

This shows you the differences between two versions of the page.

devel:security [2016-06-20 20:32]
139.174.200.55 [Typical Vulnerability Example] Grammar
devel:security [2016-06-20 20:34] (current)
139.174.200.55 [Prevent CSRF] Typo
Line 218: Line 218:
 </​code>​ </​code>​
  
-Do you see the first input? Yes? Good. Now you have to check the security token when you recieve ​the form, before processing it:+Do you see the first input? Yes? Good. Now you have to check the security token when you receive ​the form, before processing it:
  
 <code php> <code php>
Line 228: Line 228:
 As the malicious website will never find the value of the "​sectok"​ hidden input, your form is no longer vulnerable to CSRF. As the malicious website will never find the value of the "​sectok"​ hidden input, your form is no longer vulnerable to CSRF.
  
-**Note:** If the security token is not valid, the checkSecurityToken() function displays a message which inform ​the user.+**Note:** If the security token is not valid, the checkSecurityToken() function displays a message which informs ​the user.
  
  
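Review bot: The corrected Note line says what checkSecurityToken() shows the user on an invalid token, but not what the calling code has to do in that case. Displaying a message does not stop the form from being processed. Suggest extending the note to say that the caller must test the function's return value and skip processing when it is false, so readers do not assume the call alone blocks the request.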
devel/security.txt · Last modified: 2016-06-20 20:34 by 139.174.200.55