== Token
== A PHP class for CSRF preventing.
= What is Token
Token is a simple to use PHP class that implements a session token system
for web applications. The purpose is to avoid CSRF (Cross Site Request
Forgery) attacks.
= About CSRF
The Cross Site Request Forgery is a widespread vulnerability in web
applications.
Using CSRF an attacker can make an user to do things with his own sessions.
CSRF is an underestimate threat. It is often forget while it is more
dangerous of other attacks (who cares about a stupid XSS)?
A very good paper about CSRF is at: http://citp.princeton.edu/csrf/.
= Using Token
Token usage is very simple. It is explained in the example file.
= Token License
Token has not a license. Simply do what you want.
I just enjoyed coding Token, don't care about.
= Author contacts
Website: http://sydarex.org
Email: sydarex@gmail.com
= Credits
Token is inspired by the work of Claudio Guarnieri (nex) of PlayHack on the
Seride library (http://www.playhack.net).
|