Bug#648237: ITP: libcgi-application-plugin-protectcsrf-perl -- plugin to generate and verify anti-CSRF challenges
Package: wnpp
Owner: Nicholas Bamber <nicholas@periapt.co.uk>,
Jaldhar H. Vyas <jaldhar@debian.org>
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org,debian-perl@lists.debian.org
* Package name : libcgi-application-plugin-protectcsrf-perl
Version : 1.01
Upstream Author : Akira Horimoto <kurt0027@gmail.com>
* URL : http://search.cpan.org/dist/CGI-Application-Plugin-ProtectCSRF/
* License : Artistic or GPL-1+
Programming Lang: Perl
Description : plugin to generate and verify anti-CSRF challenges
CGI::Application::Plugin::ProtectCSRF is a CGI::Application plugin that
helps protect against CSRF attacks. It works by tying back the processing
of a form to the display of a form.
A cross-site request forgery is a form of online attack in which Mr Attacker
posts what appears to be an image in, say, a forum. However the image src
attribute is carefully crafted to undertake some action desired by Mr Attacker
on the target website. The trap is sprung when Mr Victim, logs on to the
target website and then views the image set up by Mr Attacker in the same
browser.
Reply to: