Guess what? CodeIgniter has built in CSRF protection!
Posted: 12 August 2010 09:35 AM
Research Assistant
Total Posts:  739
Joined  02-24-2008

I had no idea! I just stumbled across this little gem in the CodeIgniter 2 BitBucket Repository. Built in CSRF protection for your CodeIgniter apps!

CSRF protection is a great tool that enforces a specially generated token to be passed through to POST requests, preventing people outside your site from hacking your site via a crafted POST request. It’s become a staple defence in any web application’s security arsenal.

Thanks, EllisLab!

 Signature 

Sparkplugs - Intuitive add-ons for ExpressionEngine and MojoMotor
—-
Taggable - ExpressionEngine Tagging Module
MojoBlog 2 - MojoMotor Blog Module/Add-on
—-
Freelance Web Developer - @jamierumbelow - http://jamieonsoftware.com

Posted: 12 August 2010 09:54 AM   [ # 1 ]
Research Assistant
Total Posts:  539
Joined  12-04-2006

Yes and to add a few things I have seen:

1. It works through the form_open form helper. So you need to be using it so everything is automatic.
2. If you are using ajax then you also need to pass the hash as a post param in the ajax call or it will error out.

 Signature 

————————
Eric Barnes | Twitter
————————
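
The Ajax point in the reply above, as an added example that is not part of the original thread or CodeIgniter's own code: the client copies the CSRF hash into the POST body, and a server-side check rejects any request without a matching value. The field name, cookie name, sample cookie string and URL are placeholders, and the server check assumes the framework compares the posted field against a cookie copy of the hash.

```javascript
// Added example. Field and cookie names are placeholders for the app's configured values.
const TOKEN_NAME = 'csrf_token_name_placeholder';
const COOKIE_NAME = 'csrf_cookie_name_placeholder';

// Constructed sample of what document.cookie might hold after loading a page.
const SAMPLE_COOKIES = 'session=abc; csrf_cookie_name_placeholder=0123456789abcdef';

// Return one value from a "a=1; b=2" cookie string, or null if absent.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq !== -1 && part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Client side: build a form-encoded POST body that always carries the hash.
function buildPostBody(fields, cookieString) {
  const hash = readCookie(cookieString, COOKIE_NAME);
  if (hash === null) {
    throw new Error('CSRF cookie missing: load a page from the site first');
  }
  const body = new URLSearchParams(fields);
  body.set(TOKEN_NAME, hash); // replaces any caller-supplied value
  return body.toString();
}

// Server side (assumed check): the posted field must equal the cookie copy.
function serverAccepts(body, cookieString) {
  const posted = new URLSearchParams(body).get(TOKEN_NAME);
  const cookie = readCookie(cookieString, COOKIE_NAME);
  if (!posted || !cookie || posted.length !== cookie.length) return false;
  let diff = 0; // compare without exiting early on the first mismatch
  for (let i = 0; i < posted.length; i++) {
    diff |= posted.charCodeAt(i) ^ cookie.charCodeAt(i);
  }
  return diff === 0;
}

// In a browser the body would be sent like this (URL is hypothetical):
// fetch('/comments/add', { method: 'POST', body: buildPostBody({ comment: 'hi' }, document.cookie),
//   headers: { 'Content-Type': 'application/x-www-form-urlencoded' } });
```

If the cookie is not readable from script, the same value can be taken from the hidden field that form_open adds to the page.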

Posted: 09 March 2011 04:44 AM   [ # 2 ]
Summer Student
Total Posts:  7
Joined  02-10-2010

It can apparently be passed as a hidden parameter, for those of us who do not often use the form helper:

<input type="hidden" name='<?php echo $this->security->csrf_token_name?>' value='<?php echo $this->security->csrf_hash?>' />

 Signature 

Joe Edgar
http://www.myhatwebstudio.com

Posted: 13 March 2011 02:39 PM   [ # 3 ]
Lab Assistant
Total Posts:  212
Joined  03-10-2011

Do you have any solution for Malware virus in CodeIgniter?

Posted: 14 March 2011 01:35 PM   [ # 4 ]
Lab Assistant
Total Posts:  204
Joined  11-03-2008

Most malware can be found on iframes; I guess that is left to the dev’s diligence.

 Signature 

“Do Something To Reduce Your Energy Use,The World Is Running Out Of Known Sources Of Energy”

Posted: 27 March 2011 03:04 PM   [ # 5 ]
Administrator
Total Posts:  3617
Joined  01-31-2008

Oh, this is soooo nice! Much easier to implement than some of the custom coded solutions I’ve seen.
