On 21 January 2013 09:26, . <oscar.vi...@gmail.com> wrote:
> On 21 January 2013 07:19, Matt Palmer <mpal...@hezmatt.org> wrote:
> ...
>>> If the form is submitted without the correct POST value, if their IP
>>> address changed, or after too many seconds since the timestamp,
>>> then redisplay the form to the user, with a request for them to
>>> visually inspect and confirm the submission.
>>
>> Which is decidedly more user-friendly than most people implement, but
>> suffers from the problem that some subset of your userbase is going to be
>> using a connection that doesn't have a stable IP address, and it won't take
>> too many random "please re-confirm the form submission you made" requests
>> before the user gives your site the finger and goes to find something better
>> to do.
>>
>
> You want to stop the CSRF problem, but you want to support a user
> logging in from one IP, and submitting a "delete account" button *the
> next second* from a different IP. Then you want this solution to be
> more cost effective than cookies.
>
> Maybe ask the user for his password.
>
> <form method="post">
> <input type="hidden" name="id_user" value="33">
> <input type="hidden" name="action" value="delete_user">
> <input type="submit" value="Delete user">
> <p>For this action you must provide the password. </p>
> <input type="password" name="password" value="">
> </form>
>
> Even if this request comes from an IP in China, you can allow it.

So this solution can be read as:
- Do nothing to avoid CSRF.
- Except for destructive actions, where you ask for the password.

--
-- End of message.
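The two approaches discussed in the thread, as an added example that is not code from the list or from any of its posters: a form token bound to session, client IP and timestamp (the scheme Matt Palmer quotes, which rejects a submission whenever the IP changes), and a server-side handler for the "delete_user" form above that refuses the destructive action unless the account password verifies. The function names, the secret, the user store with id 33, the password, the 300-second token lifetime and the PBKDF2 work factor are all assumptions constructed for the example.

```python
import hashlib
import hmac
import os
import time

# Constructed example secret; a real deployment loads this from configuration.
SERVER_SECRET = b"constructed-example-secret-not-for-production"
TOKEN_MAX_AGE = 300      # seconds a form token stays valid (assumed value)
PBKDF2_ROUNDS = 100_000  # assumed work factor for the password hash


def issue_form_token(session_id, client_ip, now=None):
    """Token bound to the session, the client IP and the issue time.
    The HMAC stops a cross-site page from minting its own token."""
    ts = int(time.time() if now is None else now)
    msg = f"{session_id}|{client_ip}|{ts}".encode()
    mac = hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()
    return f"{ts}:{mac}"


def check_form_token(token, session_id, client_ip, now=None):
    """Return (accepted, reason). A changed IP makes the MAC mismatch, which is
    exactly the re-confirmation prompt that annoys users on unstable connections."""
    try:
        ts_str, mac = token.split(":", 1)
        ts = int(ts_str)
    except (AttributeError, ValueError):
        return False, "malformed"
    current = int(time.time() if now is None else now)
    if current - ts > TOKEN_MAX_AGE:
        return False, "expired"
    msg = f"{session_id}|{client_ip}|{ts}".encode()
    expected = hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):
        return False, "mismatch"
    return True, "ok"


def hash_password(password, salt=None):
    """Salted PBKDF2 hash for the constructed user store."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password, salt, digest):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


def make_user_store():
    """Constructed user store: account 33 with a constructed password."""
    salt, digest = hash_password("constructed-password-33")
    return {33: {"salt": salt, "digest": digest}}


def handle_delete_user(form, session_user_id, users):
    """Server-side handler for the 'delete_user' form from the thread.
    The password check is what defeats a forged cross-site submission:
    a third-party page can set id_user and action, but not the password."""
    if form.get("action") != "delete_user":
        return "ignored"
    try:
        target = int(form.get("id_user", ""))
    except ValueError:
        return "bad_request"
    # Assumed policy: only the logged-in account may delete itself.
    if target != session_user_id:
        return "forbidden"
    record = users.get(target)
    if record is None:
        return "not_found"
    if not verify_password(form.get("password", ""), record["salt"], record["digest"]):
        return "reauth_required"  # redisplay the form asking for the password
    del users[target]
    return "deleted"
```

The token path shows the trade-off the thread is about: a token check that includes the client IP fails for a user whose address changed between issue and submit, while the password path lets that same user proceed from any address because the secret it relies on is one the cross-site attacker does not hold.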