Why is used auth_token to secure forms?

@toplisekJan 14.2009

The attack from forms can be solved also using code like.

[code=php] <div style=”margin:0;padding:0″><input name=”authenticity_token” type=”hidden” value=”9b7a4b5cb8f7c7910dsd797sdcnmxcox8c0dfč2582110887ff5″ /></div>

[/code]

Steps of security:
1. GET the form and token
2. then POST the form and token

How does the auth_token provide security if I use this sample?

to post a comment

PHP

3 Comments(s) _↴

@MindzaiJan 14.2009 — #It helps protect against XSRF attacks.

@toplisekauthorJan 14.2009 — #Is there right way to put this under form tag?

@MindzaiJan 14.2009 — #You would normally use a hidden input tag as in the code you posted.

Also in #PHP _↴

Passing variables between forms Google indexing of databese generated webpages PHP Include Script Error

Success!

Help @toplisek spread the word by sharing this article on Twitter...

Tweet This

about: ({
version: 0.1.9 — BETA 5.7,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});

changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...

recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...

Why is used auth_token to secure forms?

3 Comments(s) _↴

Also in #PHP _↴

Success!

Social

Version

Why is used auth_token to secure forms?

3 Comments(s) ↴

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

3 Comments(s) _↴

Also in #PHP _↴