./www/p5-WWW-CSRF, Generate and check tokens to protect against CSRF attacks

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.00nb4, Package name: p5-WWW-CSRF-1.00nb4, Maintainer: pkgsrc-users

This module generates tokens to help protect against a website attack
known as Cross-Site Request Forgery (CSRF, also known as XSRF). CSRF
is an attack where an attacker fools a browser into make a request to
a web server for which that browser will automatically include some
form of credentials (cookies, cached HTTP Basic authentication, etc.),
thus abusing the web server's trust in the user for malicious use.

The most common CSRF mitigation is sending a special, hard-to-guess
token with every request, and then require that any request that is
not idempotent (i.e., has side effects) must be accompanied with such
a token. This mitigation depends critically on the fact that while an
attacker can easily make the victim's browser make a request, the
browser security model (same-origin policy, or SOP for short) prevents
third-party sites from reading the results of that request.


Required to run:
[lang/perl5] [security/p5-Digest-HMAC] [security/p5-Bytes-Random-Secure]

Required to build:
[pkgtools/cwrappers]

Master sites: (Expand)

SHA1: 9868f810646815d4f6b4d1717dfaf21d901e76a5
RMD160: 3455d1851451d51e4bd52e7fc1b3443537110fdb
Filesize: 5.055 KB

Version history: (Expand)


CVS history: (Expand)


   2018-08-22 11:48:07 by Thomas Klausner | Files touched by this commit (3558)
Log message:
Recursive bump for perl5-5.28.0
   2017-06-05 16:25:36 by Ryo ONODERA | Files touched by this commit (2298)
Log message:
Recursive revbump from lang/perl5 5.26.0
   2016-06-08 21:25:20 by Thomas Klausner | Files touched by this commit (2236) | Package updated
Log message:
Bump PKGREVISION for perl-5.24.
   2015-11-04 03:47:43 by Alistair G. Crooks | Files touched by this commit (758)
Log message:
Add SHA512 digests for distfiles for www category

Problems found locating distfiles:
	Package haskell-cgi: missing distfile haskell-cgi-20001206.tar.gz
	Package nginx: missing distfile array-var-nginx-module-0.04.tar.gz
	Package nginx: missing distfile encrypted-session-nginx-module-0.04.tar.gz
	Package nginx: missing distfile headers-more-nginx-module-0.261.tar.gz
	Package nginx: missing distfile nginx_http_push_module-0.692.tar.gz
	Package nginx: missing distfile set-misc-nginx-module-0.29.tar.gz
	Package nginx-devel: missing distfile echo-nginx-module-0.58.tar.gz
	Package nginx-devel: missing distfile form-input-nginx-module-0.11.tar.gz
	Package nginx-devel: missing distfile lua-nginx-module-0.9.16.tar.gz
	Package nginx-devel: missing distfile nginx_http_push_module-0.692.tar.gz
	Package nginx-devel: missing distfile set-misc-nginx-module-0.29.tar.gz
	Package php-owncloud: missing distfile owncloud-8.2.0.tar.bz2

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-06-12 12:52:19 by Thomas Klausner | Files touched by this commit (3152)
Log message:
Recursive PKGREVISION bump for all packages mentioning 'perl',
having a PKGNAME of p5-*, or depending such a package,
for perl-5.22.0.
   2014-09-05 00:01:35 by Mark Davies | Files touched by this commit (3)
Log message:
Import p5-WWW-CSRF 1.00

This module generates tokens to help protect against a website attack
known as Cross-Site Request Forgery (CSRF, also known as XSRF). CSRF
is an attack where an attacker fools a browser into make a request to
a web server for which that browser will automatically include some
form of credentials (cookies, cached HTTP Basic authentication, etc.),
thus abusing the web server's trust in the user for malicious use.

The most common CSRF mitigation is sending a special, hard-to-guess
token with every request, and then require that any request that is
not idempotent (i.e., has side effects) must be accompanied with such
a token. This mitigation depends critically on the fact that while an
attacker can easily make the victim's browser make a request, the
browser security model (same-origin policy, or SOP for short) prevents
third-party sites from reading the results of that request.