CSRF, short for Cross-Site Request Forgery, is an attack technique commonly aimed at web forms. It is often used by (spam) bots, but also by individuals who may try to break into your application.
In this short tutorial I will show you some ways to protect a (login) web form against the most common types of attack, making it much safer.
I will use PHP as the server-side programming language, but any other language provides similar features.
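To make the goal concrete before the background sections, here is an added example (not code from this tutorial) of the standard synchronizer-token defence for a PHP login form: a random per-session token is embedded in the form and every POST is rejected unless it carries the matching token. The function names `csrf_token()` and `csrf_valid()` are this example's own.

```php
<?php
// Added example, not from the tutorial: synchronizer-token CSRF protection
// for a POST login form. Credential checking itself is out of scope here.
session_start();

// Create one random token per session and keep the reference copy server-side.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Compare the submitted token with the session copy in constant time,
// so a missing or wrong token is rejected without leaking timing information.
function csrf_valid(?string $submitted): bool {
    return is_string($submitted)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid request token.');
    }
    // Verify $_POST['username'] and $_POST['password'] here (not shown).
    // After a successful login, rotate the session id and discard the old
    // token so a pre-login token cannot be replayed against the new session.
    session_regenerate_id(true);
    unset($_SESSION['csrf_token']);
}
?>
<form method="post" action="">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
  <input type="text" name="username" autocomplete="username">
  <input type="password" name="password" autocomplete="current-password">
  <button type="submit">Log in</button>
</form>
```

Because the token lives in the session and a cross-site page cannot read it, a forged request submitted from another origin fails the `csrf_valid()` check.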
Since the release of PHP 5, the language has supported Object-Oriented Programming with classes. This is one of the most widely used features of system programming languages such as C++, and it can now be used in PHP as well.
In this article I assume you already know the following:
– You know what variables are and how to assign values to them in PHP.
– You know what a function is and how it works.
Before I start, I want to say a little about functions.
While writing PHP scripts you may run into a situation where a value needs to be passed from one page to another. This is most often required when guiding the visitor through a wizard or a login screen. It can be achieved by using:
- HTTP GET
- HTTP POST
I will briefly explain each of these.