Jump to content


Check out our Community Blogs

visionviper

Member Since 25 Sep 2011
Offline Last Active Dec 15 2011 11:31 AM
-----

Topics I've Started

Preventing Session Hijacking, CSRF

25 September 2011 - 08:17 AM

I am creating what amounts to a pretty basic PHP application. I am doing this because I want to learn important concepts in PHP programming and in securing PHP applications for a much bigger project that I have.

So I've been doing my best to read up on different ways of securing PHP applications against different types of attacks and so I think I have found out what appears to be the best ways of preventing these two types of attacks.

Session hijacking: Create an encrypted session id that has to be matched to the decrypted id for that user. (decrypted ID stored in the database?)

CSRF: Create a random code after every request and making sure this matches the next request. (where would this be stored? One in the database and one as a session variable?)

Any comments/help/additional reading you guys can give me on this would be great.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download