From Scott Orgera, your About Programming Editor

In this week's newsletter we take a closer look at data encryption, CSRF and code vulnerabilities...

What is Cross-Site Request Forgery (CSRF)?
Cross-Site Request Forgery, aka CSRF (pronounced Sea-Surf), is a security vulnerability that goes by many names. You might know it better as XSRF, side-jacking, session riding and maybe even the "one-click attack." No matter what name it goes by, CSRF is a serious exploitation of trust. It preys on a website's trusted (and supposedly authenticated) users and cleverly allows them to be the ones who unknowingly initiate unauthorized actions or requests. From the point of view of the attacked site, it looks as though the user is the attacker when, in fact, at best he's probably an unwitting accomplice.

One Way Data Encryption in PHP
In PHP we can use the crypt() function to create one-way encryption, also known as hashing. This means that the data is encrypted but cannot easily be decrypted. Although at first glance that may seem useless, it is actually very useful when working with passwords. When a user chooses their password, the password is encrypted and the encrypted version is saved. The next time the user goes to log in, their password is encrypted again and then checked against the already saved (encrypted) version to see if they are the same. This way, if the data is intercepted, whoever intercepts it only ever sees the encrypted version.

5 Reasons Your Ruby Code is Vulnerable to Attack
There are a number of reasons that someone would want to launch a CSRF attack and each has its own unique impact. In explaining these reasons, we've used the names conventionally used in cryptography and information technology.

Why You Should Consider Progressive Enhancement
There are many reasons to use progressive enhancement to build your website. The most common reason is to try and improve your site for less capable browsers like cell phones and older web browsers.
But there are many reasons beyond that which can convince you that progressive enhancement is the best way to design web pages.

© 2014 About.com
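The store-then-compare flow from the "One Way Data Encryption in PHP" item above, as an added example that is not code from the newsletter or the article it links to. It assumes bcrypt as the crypt() algorithm; the function names and the sample passwords are hypothetical.

```php
<?php
// Added example: helper names and sample values are constructed for illustration.

// Build a bcrypt salt string for crypt(): "$2y$" + two-digit cost + "$" + 22 salt chars.
function make_bcrypt_salt(int $cost = 12): string
{
    // 16 random bytes give 24 base64 chars; bcrypt uses "." where base64 uses "+".
    $raw = base64_encode(random_bytes(16));
    return sprintf('$2y$%02d$%s', $cost, substr(strtr($raw, '+', '.'), 0, 22));
}

// Called when the user chooses a password; the return value is what gets saved.
function hash_password(string $password): string
{
    $hash = crypt($password, make_bcrypt_salt());
    // crypt() reports failure with a short marker string, not an exception.
    if (strlen($hash) !== 60) {
        throw new RuntimeException('crypt() did not return a bcrypt hash');
    }
    return $hash;
}

// Called at login; $stored is the saved hash.
function verify_password(string $password, string $stored): bool
{
    if (strlen($stored) !== 60) {
        return false; // not a bcrypt hash, refuse instead of comparing
    }
    // Passing the stored hash as the salt makes crypt() reuse its algorithm, cost and salt.
    $candidate = crypt($password, $stored);
    // hash_equals() compares in constant time, so timing does not leak matching prefixes.
    return hash_equals($stored, $candidate);
}

$stored = hash_password('correct horse battery staple');

echo 'stored hash:        ', $stored, PHP_EOL;
echo 'right password ok:  ', var_export(verify_password('correct horse battery staple', $stored), true), PHP_EOL;
echo 'wrong password ok:  ', var_export(verify_password('wrong guess', $stored), true), PHP_EOL;

// Hashing the same password again yields a different string because the salt is random,
// which is why login re-hashes with the stored salt instead of generating a fresh hash.
echo 'fresh hash matches: ', var_export(hash_password('correct horse battery staple') === $stored, true), PHP_EOL;
```

In current PHP versions, password_hash() and password_verify() perform the same salt generation and comparison steps and produce crypt()-compatible hashes.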