Posts Tagged ‘tips’

Safer web forms with security tokens

A common issue with many web applications is their vulnerability to Cross-Site Request Forgery, or XSRF. It allows a hacker to send a malicious request to a website with another user’s privileges. Here’s how it works:

  • A hacker creates a page with a form that submits data to example.com.
  • An administrator of example.com is tricked into visiting the page, and the form is submitted automatically using JavaScript.
  • The data is handled by example.com as if it came from the administrator (because it did: the request was sent from the administrator’s browser, with the administrator’s session).

This allows a hacker to perform administrative tasks on example.com like editing pages or deleting users.

Read more…

PHP: How not to pollute the global scope

An emerging trend in JavaScript is to wrap an entire program in a single object to prevent naming conflicts with other scripts. The same can be done in PHP, something I haven’t seen done very often.

Read more…

Tips for writing compact PHP code

Writing compact code can save you time. It’s not always recommended, and often even strongly discouraged, because it makes your code less readable, but for simple operations it can be more efficient. In this post I will give a few examples.

Read more…