PHP CSRF Attack

执笔经年 2020-12-09 14:28

I want to know if this code is strong enough to prevent a CSRF attack on a PHP form?



        
3 answers
  •  时光取名叫无心
    2020-12-09 14:49

    On the products I support, I'd say "no." Your random number generator is based on rand(), which is predictable. Also, it looks like the random number is very short - it needs to be long enough that it cannot be brute forced during the session's validity - nor can any of the many active sessions' CSRF tokens be cracked.

    Check out the OWASP page on CSRF. They'll give you good guidance.
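
Added example, not part of the original thread and not the asker's code (which is not shown on this page): a constructed weak generator of the kind the answer describes, next to a per-session token built from `random_bytes()` and checked with `hash_equals()`. The function names and the `csrf_token` field and session key are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Weak pattern (constructed illustration): rand() is not a CSPRNG and
// four digits give only 9000 possible values, so the token can be guessed.
function weak_csrf_token(): string
{
    return (string) rand(1000, 9999);
}

// Hardened: 32 bytes from the OS CSPRNG, hex-encoded (64 chars), one per session.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Accepts any input type: a crafted request can send an array instead of a string.
function csrf_check($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return is_string($submitted)
        && $expected !== ''
        && hash_equals($expected, $submitted); // constant-time comparison
}

session_start();

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!csrf_check($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    // Token is valid: handle the form submission here.
}
?>
<form method="post">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
  <button type="submit">Send</button>
</form>
```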
