Bitcoin Forum
December 09, 2016, 07:22:39 PM *
Author Topic: Please, protect against CSRF  (Read 3952 times)
cuddlefish
Full Member
***
Offline Offline

Activity: 126



View Profile
June 20, 2011, 06:38:03 PM
 #21

why was this moved to offtopic?

Security seems to be about the most on topic discussion of all for bitcoin this week

I did. Suggest a better forum, I'll move it there.

jrmithdobbs
Jr. Member
*
Offline Offline

Activity: 59


View Profile
June 21, 2011, 06:26:51 AM
 #22

why was this moved to offtopic?

Security seems to be about the most on topic discussion of all for bitcoin this week

I did. Suggest a better forum, I'll move it there.

But there's not a clowns forum!

http://www.youtube.com/watch?v=_B0CyOAO8y0

1B8TSDzXdyTRX5eF77gWQoXujBaDtKFE6H
PCRon
Jr. Member
*
Offline Offline

Activity: 46


View Profile
June 24, 2011, 06:13:47 PM
 #23

Sorry... What is CSRF?
SlipperySlope
Hero Member
*****
Offline Offline

Activity: 686

Stephen Reed


View Profile
June 24, 2011, 10:11:01 PM
 #24

Sorry... What is CSRF?

I'm writing a set of Java clients for popular exchanges and for the last two days I've been debugging communications with the TradeHill API.  The error message has been ....

    Forbidden 403
   CSRF verification failed. Request aborted.

TradeHill says that they will look into their django server configuration regarding a possible fix that I found on the internet.

CSRF is an acronym for Cross Site Request Fraud, and what the original poster wants is for bitcoin financial web sites to enforce security so that someone else cannot hijack your session with the web site.  CSRF is a protocol in which the server sends to you a certain random token and which your client, e.g. web browser returns to prove that you are the same entity that originally started the session.

For example, TradeHill sends to me the following HTTP header when I perform an HTTP against their API URL at https://api-test.tradehill.com/APIv1/USD/GetBalance ..

Set-Cookie:  csrftoken=35d13f0f2708ee17b0834719b902ad65; Max-Age=31449600; Path=/  <== GENERATED BY TRADEHILL, UNIQUE FOR EACH SESSION

My subsequent API request must specify that token when performing an HTTP POST, e.g. ...

X-CSRFToken: 35d13f0f2708ee17b0834719b902ad65  <== PROVES THAT I ORIGINATED THE SESSION
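The cookie-plus-header token exchange described in the post above, written out as an added example that is not part of the original thread and is not TradeHill's or Django's own code: the server mints a random token, hands it over in a Set-Cookie header, and on every state-changing request refuses to proceed unless the X-CSRFToken header echoes the cookie. Names (issue_token, check_csrf, client_post_headers), the 403 message and the constructed header values are assumptions chosen to mirror the post. The check goes beyond the single request in the post by covering the failure cases a practitioner cares about: a POST carrying the cookie but no header (what a cross-site form submission looks like, since a browser attaches cookies automatically but a third-party page cannot set a custom header), and a header that does not match the cookie.

```python
import hmac
import secrets

CSRF_COOKIE = "csrftoken"       # cookie name used by Django, as seen in the post
CSRF_HEADER = "X-CSRFToken"     # header name used by Django, as seen in the post
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}   # read-only methods skip the check
REJECT = "CSRF verification failed. Request aborted."  # message quoted in the post


def issue_token() -> str:
    """Server side: mint an unguessable token for a new session (32 hex chars)."""
    return secrets.token_hex(16)


def set_cookie_header(token: str) -> str:
    """Server side: the Set-Cookie value that hands the token to the client."""
    return f"{CSRF_COOKIE}={token}; Max-Age=31449600; Path=/"


def parse_cookie_header(cookie_header: str) -> dict:
    """Parse a request 'Cookie: a=1; b=2' header value into a dict."""
    out = {}
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            out[name] = value
    return out


def check_csrf(method: str, headers: dict) -> tuple:
    """Server side double-submit check. Returns (http_status, message).

    The token must arrive twice: in the cookie the server set earlier and in
    the X-CSRFToken header, and the two copies must be identical.
    """
    if method.upper() in SAFE_METHODS:
        return 200, "OK"
    hdrs = {k.lower(): v for k, v in headers.items()}   # header names are case-insensitive
    cookie_token = parse_cookie_header(hdrs.get("cookie", "")).get(CSRF_COOKIE, "")
    header_token = hdrs.get(CSRF_HEADER.lower(), "")
    if not cookie_token or not header_token:
        return 403, REJECT            # one copy missing: typical of a cross-site form post
    if not hmac.compare_digest(cookie_token, header_token):
        return 403, REJECT            # mismatch; constant-time compare avoids timing leaks
    return 200, "OK"


def token_from_set_cookie(set_cookie: str) -> str:
    """Client side: pull csrftoken out of a Set-Cookie response header value."""
    first = set_cookie.split(";", 1)[0].strip()
    name, _, value = first.partition("=")
    return value if name == CSRF_COOKIE else ""


def client_post_headers(set_cookie: str) -> dict:
    """Client side: headers a later POST needs (cookie sent back plus X-CSRFToken)."""
    token = token_from_set_cookie(set_cookie)
    return {"Cookie": f"{CSRF_COOKIE}={token}", CSRF_HEADER: token}


if __name__ == "__main__":
    # Constructed walk-through: first response sets the cookie, then a POST echoes it.
    token = issue_token()
    set_cookie = set_cookie_header(token)
    print("server ->", "Set-Cookie:", set_cookie)
    good = client_post_headers(set_cookie)
    print("client POST with header ->", check_csrf("POST", good))
    # Cookie only, no header: rejected with the 403 the post ran into.
    print("cookie but no header     ->", check_csrf("POST", {"Cookie": good["Cookie"]}))
```

The client half is what the post's Java client had to do: read the csrftoken cookie from the first response and send it back both as a cookie and as the X-CSRFToken header on each POST.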