About Programming: One Way Encryption, CSRF, Progressive Enhancement

If you can't see this email, click here

Programming From Scott Orgera, your About Programming Editor In this week's newsletter we take a closer look at data encryption, CSRF and code vulnerabilities... What is Cross-Site Request Forgery (CSRF)? Cross-Site Request Forgery, aka CSRF (pronounced Sea-Surf), is a security vulnerability that goes by many names. You might know it better as XSRF, side-jacking, session riding and maybe even the "one-click attack." No matter what name it goes by, CSRF is a serious exploitation of trust. It preys on a Website's trusted (and supposedly authenticated) users and cleverly allows them to be the ones who unknowingly initiate unauthorized actions or requests. From the point of view of the attacked site, it looks as though the user is the attacker when, in fact, at best he's probably an unwitting accomplice. Search Related Topics:  ruby on rails  web development  csrf One Way Data Encryption in PHP In PHP we can use the crypt () function to create one way encryption. This means that the data is encrypted but cannot easily be decrypted. Although at first glance that may seem useless, it is actually very useful when working with passwords. When a user chooses their password, the password is then encrypted and the encrypted version of this password is saved. The next time the user goes to login, their password is encrypted again and then checked against the already saved (encrypted) version to see if they are the same. This way if the data is intercepted, they only ever see the encrypted version. Search Related Topics:  php basic functions  php security  5 Reasons Your Ruby Code is Vulnerable to Attack There are a number of reasons that someone would want to launch a CSRF attack and each has its own unique impact. In explaining these reasons, we've used the names conventionally used in cryptography and information technology. Search Related Topics:  csrf  security  ruby on rails Why You Should Consider Progressive Enhancement There are many reasons to use progressive enhancement to build your website. The most common reason is to try and improve your site to less capable browsers like cell phones and older web browsers. But there are many reasons beyond that that can convince you that progressive enhancement is the best way to design web pages. Search Related Topics:  progressive enhancement  browser testing  content Related Searches Security Email Data Security Password Security Key Programming SQL Injection Attack Featured Articles Use CSS to Fake Frames Formatting Numbers in PHP Collabtive Under the Microscope OpenVPN: Remote Private Access to Local Networks The Octdec () PHP Function Understanding Web Malware   More from About.com Run Your First 5K Even couch potatoes can be ready for a 5K with just a couple months of training. Read more...> Help! I'm Too Busy Time and stress management tips to help you feel as though you have more time. Read more...>   Sign up for more free newsletters on your favorite topics You are receiving this newsletter because you subscribed to the About.com Programming newsletter. If you wish to change your email address or unsubscribe, please click here. About.com respects your privacy: Our Privacy Policy Contact Information: 1500 Broadway, 6th Floor New York, NY, 10036 © 2014 About.com   Advertisement