CSRF stands for Cross-Site Request Forgery. It is a type of website attack that occurs when a malicious website, email, blog, instant message, or program causes a user's web browser to perform an unwanted action on a trusted site to which the user is currently authenticated. Below we show how to apply CSRF protection using a CSRF token.
We explain it with a simple example. Suppose your website has a login page where users enter their account username and password. Someone designs a login page that looks like yours and sends it to a user. When the user enters a username and password on that page, it stores the user's login details and then sends the login request from the attacker's server to your login page, so the user is logged in to your website just as if they had logged in from your own page. This is also called a CSRF attack.
CSRF Protection By Using CSRF Token
Now we show you how to protect your website forms from CSRF attacks.
Follow these steps to protect your website:
- Open the code/script of your website's login page.
- Generate a unique number or token; for example, in PHP you can generate one using “uniqid();”. This token is called the CSRF token.
- Save this unique number (CSRF token) in the session.
- Add a hidden input field to your website's login form and put the CSRF token in the hidden field's value.
- When the user sends the login request, compare the number saved in the session with the number sent in the hidden field of the login form.
- If the numbers match, the request is legitimate; otherwise it may be a fake request (a CSRF attack), and you should show the user a message to change their account username and password immediately.
After completing these steps you will have CSRF protection enabled on your website.
We hope you find this information useful. If you need further information or want to discuss anything else with us, we are here to help; please contact us.
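The steps above put together in one PHP file, as an added example that is not part of the original tutorial. It assumes a single script named login.php served over HTTPS; `authenticate_user()` is a hypothetical placeholder for the site's own credential check. One technique is swapped in: the token comes from `random_bytes()` rather than `uniqid()`, because `uniqid()` is time-based and predictable, not a cryptographic random source, and the comparison uses `hash_equals()` so it runs in constant time.

```php
<?php
// Added example (not from the original tutorial): a minimal login form with a
// per-session CSRF token. Assumes a single file, login.php, served over HTTPS.
// Swapped-in technique: random_bytes() instead of uniqid(), because uniqid()
// is time-based and predictable, not a cryptographic random source.
session_start();

function csrf_token(): string {
    // Generate the token once per session and keep it in the session store.
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_valid(?string $submitted): bool {
    // Constant-time comparison of the hidden-field value against the session copy.
    if (!isset($_SESSION['csrf_token']) || $submitted === null) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_valid($_POST['csrf_token'] ?? null)) {
        // Token missing or mismatched: reject the request before touching credentials.
        http_response_code(403);
        exit('Request rejected: CSRF token missing or invalid.');
    }
    // Token matched: continue with the normal credential check.
    // authenticate_user() is a hypothetical placeholder for the site's own logic.
    // authenticate_user($_POST['username'] ?? '', $_POST['password'] ?? '');
    exit('Login request accepted.');
}

// Escape the token before embedding it in the HTML hidden field.
$token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
?>
<form method="post" action="login.php">
    <input type="hidden" name="csrf_token" value="<?= $token ?>">
    <label>Username <input type="text" name="username"></label>
    <label>Password <input type="password" name="password"></label>
    <button type="submit">Login</button>
</form>
```

A forged request from another origin cannot read the token out of the victim's form, so its hidden field value will not match the session copy and the request is refused with a 403.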