Erlang/OTP Forums


Erlyweb mailing list: CSRF issues

Guest
Posted: Wed Oct 15, 2008 11:16 am
Hi guys

I am trying to protect my forms from CSRF attacks by putting a random
key as a hidden field into my forms. This is what I do:

1. When going to the form, I do:

Key = crypto:rand_bytes(200),
Encoded = base64:encode(binary_to_list(Key)),

yaws_api:setcookie("formkey", Encoded)

2. When the form comes back, I do this to see if the cookie is set:

Res = yaws_api:find_cookie_val("formkey", A),

Based on whether I get [] or something else I proceed accordingly.

The problem is that the cookie seems not to be set as it always
returns []. Am I missing some steps?

Nii Amon
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "erlyweb" group.
To post to this group, send email to erlyweb@googlegroups.com
To unsubscribe from this group, send email to erlyweb+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/erlyweb?hl=en
-~----------~----~----~----~------~----~------~--~---
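The scheme described in the first post (random token sent as a cookie and as a hidden field, compared when the form comes back), written out as a complete Yaws appmod. This is an added example, not code from the thread; the module name csrf_demo and the field name "csrf" are my choices, the cookie name "formkey" follows the post.

```erlang
%% Added example, not code from the thread: double-submit CSRF token for a
%% Yaws appmod. Module name csrf_demo and the form field name "csrf" are
%% assumptions; the cookie name "formkey" follows the thread.
-module(csrf_demo).
-export([out/1, constant_time_equal/2]).
-include_lib("yaws/include/yaws_api.hrl").

-define(COOKIE, "formkey").
-define(FIELD, "csrf").

%% GET: mint one random token and send it both as a cookie and as a
%% hidden field. A cross-site form cannot read the cookie, so it cannot
%% submit a matching hidden field.
out(A) when (A#arg.req)#http_request.method =:= 'GET' ->
    %% 32 bytes from the CSPRNG; the thread's crypto:rand_bytes/1 is the
    %% older name for this call.
    Token = binary_to_list(base64:encode(crypto:strong_rand_bytes(32))),
    Form = ["<form method=\"POST\">",
            "<input type=\"hidden\" name=\"", ?FIELD, "\" value=\"", Token, "\">",
            "<input type=\"submit\" value=\"Go\"></form>"],
    %% setcookie/2 sends nothing by itself: it returns a {header, ...}
    %% tuple that only takes effect when it is part of the value out/1
    %% returns. Calling it and discarding the result sets no cookie, and
    %% find_cookie_val/2 on the next request then yields [].
    [yaws_api:setcookie(?COOKIE, Token), {html, Form}];

%% POST: accept only if the cookie is present and the hidden field
%% carries exactly the same token.
out(A) when (A#arg.req)#http_request.method =:= 'POST' ->
    CookieTok = yaws_api:find_cookie_val(?COOKIE, A),
    FieldTok = case proplists:get_value(?FIELD, yaws_api:parse_post(A)) of
                   V when is_list(V) -> V;
                   _ -> ""
               end,
    case CookieTok =/= [] andalso constant_time_equal(CookieTok, FieldTok) of
        true  -> {html, "<p>Form accepted.</p>"};
        false -> [{status, 403}, {html, "<p>CSRF check failed.</p>"}]
    end;
out(_A) ->
    [{status, 405}, {html, "<p>Method not allowed.</p>"}].

%% Compare two strings in time that depends only on their length, so the
%% check does not leak how many leading characters matched.
constant_time_equal(X, Y) when length(X) =/= length(Y) -> false;
constant_time_equal(X, Y) ->
    lists:foldl(fun({Cx, Cy}, Acc) -> Acc bor (Cx bxor Cy) end, 0,
                lists:zip(X, Y)) =:= 0.
```

setcookie/2 emits only name=value; Yaws's longer setcookie arities add Path, Secure and HttpOnly, which a deployed form should set.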

Guest
Posted: Fri Oct 17, 2008 6:17 am
Did you check out the HTTP headers returned from Yaws? Firebug should
help with that.

Yariv

On Wed, Oct 15, 2008 at 4:16 AM, nii amon <jazzyy@gmail.com> wrote:
>
> Hi guys
>
> I am trying to protect my forms from CSRF attacks by putting a random
> key as a hidden field into my forms. This is what I do:
>
> 1. When going to the form, I do:
>
> Key = crypto:rand_bytes(200),
> Encoded = base64:encode(binary_to_list(Key)),
>
> yaws_api:setcookie("formkey", Encoded)
>
> 2. When the form comes back, I do this to see if the cookie is set:
>
> Res = yaws_api:find_cookie_val("formkey", A),
>
> Based on whether I get [] or something else I proceed accordingly.
>
> The problem is that the cookie seems not to be set as it always
> returns []. Am I missing some steps?
>
> Nii Amon


Guest
Posted: Fri Oct 17, 2008 6:10 pm
No, haven't done that. Will check that out and see if it offers any
help.

Thanks
Nii Amon

On Oct 17, 6:16 am, "Yariv Sadan" <yarivsa...@gmail.com> wrote:
> Did you check out the HTTP headers returned from Yaws? Firebug should
> help with that.
>
> Yariv
>
> On Wed, Oct 15, 2008 at 4:16 AM, nii amon <jaz...@gmail.com> wrote:
>
> > Hi guys
>
> > I am trying to protect my forms from CSRF attacks by putting a random
> > key as a hidden field into my forms. This is what I do:
>
> > 1. When going to the form, I do:
>
> > Key = crypto:rand_bytes(200),
> > Encoded = base64:encode(binary_to_list(Key)),
>
> > yaws_api:setcookie("formkey", Encoded)
>
> > 2. When the form comes back, I do this to see if the cookie is set:
>
> > Res = yaws_api:find_cookie_val("formkey", A),
>
> > Based on whether I get [] or something else I proceed accordingly.
>
> > The problem is that the cookie seems not to be set as it always
> > returns []. Am I missing some steps?
>
> > Nii Amon

Guest
Posted: Sun Oct 26, 2008 10:59 am
I was using Camino and it appears that cookies do not work really well
on that browser. I switched to Safari and it worked. Opera and Firefox
worked as well.

On Oct 17, 6:16
