Generating Secure CSRF Tokens

[Ben Ramsey]

Continuing our web application security discussion from Jason's talk on Tuesday, I thought this might be interesting to share with everyone:

http://www.eschrade.com/page/generating-secure-cross-site-request-forgery-tokens-csrf/

This post doesn't explain cross-site request forgeries, though. If you're interested in reading more about that, I recommend Chris Shiflett's book Essential PHP Security: http://shop.oreilly.com/product/9780596006563.do

Chris has also posted an article on his website about CSRF: http://shiflett.org/articles/cross-site-request-forgeries

-Ben