CSRF, also known as Cross-Site Request Forgery, is a trick that commonly targets web forms. It is often used by (spam)bots, but also by individuals who might try to break into your application.
In this short tutorial I will show you some ways to protect a (login) web form against the most common types of attacks, making it much safer.
I will use PHP as the server-side programming language, but any other language will provide similar features.
Many people who configure a web server for the first time struggle with the proper file and group permissions. Either the scripts don't execute properly, or they can't upload or modify files without getting a Permission Denied error message. Often the only way they find to make it work is by setting the CHMOD permissions to 777 (world read, write and execute), which is very dangerous. Any individual could upload a (PHP) script to the server and cause serious damage (erase the files or even disrupt the OS if the security is very weak). I'm going to teach you how to set up the permissions properly to make the server both functional and safe.