Tuesday

About Programming: One Way Encryption, CSRF, Progressive Enhancement

From Scott Orgera, your About Programming Editor
In this week's newsletter we take a closer look at data encryption, CSRF and code vulnerabilities...

What is Cross-Site Request Forgery (CSRF)?
Cross-Site Request Forgery, aka CSRF (pronounced Sea-Surf), is a security vulnerability that goes by many names. You might know it better as XSRF, side-jacking, session riding and maybe even the "one-click attack." No matter what name it goes by, CSRF is a serious exploitation of trust. It preys on a Website's trusted (and supposedly authenticated) users and cleverly allows them to be the ones who unknowingly initiate unauthorized actions or requests. From the point of view of the attacked site, it looks as though the user is the attacker when, in fact, at best he's probably an unwitting accomplice.

One Way Data Encryption in PHP
In PHP we can use the crypt() function to create one-way encryption. This means that the data is encrypted but cannot easily be decrypted. Although at first glance that may seem useless, it is actually very useful when working with passwords. When a user chooses a password, it is encrypted and the encrypted version is saved. The next time the user logs in, the password they enter is encrypted again and checked against the saved (encrypted) version to see if the two are the same. This way, if the data is intercepted, whoever intercepts it only ever sees the encrypted version.

5 Reasons Your Ruby Code is Vulnerable to Attack
There are a number of reasons that someone would want to launch a CSRF attack and each has its own unique impact. In explaining these reasons, we've used the names conventionally used in cryptography and information technology.

Why You Should Consider Progressive Enhancement
There are many reasons to use progressive enhancement to build your website. The most common is to make your site work better in less capable browsers, such as those on cell phones and older web browsers. But there are many reasons beyond that which can convince you that progressive enhancement is the best way to design web pages.


Featured Articles
Use CSS to Fake Frames
Formatting Numbers in PHP
Collabtive Under the Microscope
OpenVPN: Remote Private Access to Local Networks
The Octdec() PHP Function
Understanding Web Malware

 

© 2014 About.com
 
