perl-WWW-CSRF - Generate and check tokens to protect against CSRF attacks

Property Value
Distribution ALT Linux Sisyphus
Repository Autoimports noarch
Package name perl-WWW-CSRF
Package version 1.00
Package release alt2
Package architecture noarch
Package type rpm
Installed size 8.10 KB
Download size 8.10 KB
Official Mirror

This module generates tokens to help protect against a website
attack known as Cross-Site Request Forgery (CSRF, also known
as XSRF).  CSRF is an attack where an attacker fools a browser into
making a request to a web server for which that browser will
automatically include some form of credentials (cookies, cached
HTTP Basic authentication, etc.), thus abusing the web server's
trust in the user for malicious use.

The most common CSRF mitigation is sending a special, hard-to-guess
token with every request, and then requiring that any request that
is not idempotent (i.e., has side effects) be accompanied
by such a token.  This mitigation depends critically on the fact
that while an attacker can easily make the victim's browser
*make* a request, the browser security model (same-origin policy,
or SOP for short) prevents third-party sites from reading the
*results* of that request.

CSRF tokens should have at least the following properties:

* They should be hard-to-guess, so they should be signed
  with some key known only to the server.
* They should be dependent on the authenticated identity,
  so that one user cannot use its own tokens to impersonate
  another user.
* They should not be the same for every request, or an
  attack known as BREACH can use HTTP compression
  to gradually deduce more and more of the token.
* They should contain an (authenticated) timestamp, so
  that if an attacker manages to learn one token, he or she
  cannot impersonate a user indefinitely.

WWW::CSRF simplifies the (simple, but tedious) work of creating and verifying
such tokens.
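
The four token properties listed above, as an added Python example that is not code from WWW::CSRF or from this package page. The token layout, the `MAX_AGE` value and the function names `generate_token` and `check_token` are assumptions of the example.

```python
# Added example: the token layout is this example's assumption, not WWW::CSRF's format.
import hashlib
import hmac
import os
import time

MAX_AGE = 3600  # assumed validity window in seconds

def _mac(secret, user_id, issued):
    # Keyed MAC over timestamp and identity: unguessable without the server
    # secret, bound to one user, and the timestamp is authenticated.
    msg = f"{issued}/{user_id}".encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def generate_token(user_id, secret, now=None):
    issued = int(time.time()) if now is None else now
    mac = _mac(secret, user_id, issued)
    # A fresh random mask per token means the MAC bytes never repeat in
    # compressed responses (the BREACH concern).
    mask = os.urandom(len(mac))
    return f"{_xor(mac, mask).hex()},{mask.hex()},{issued}"

def check_token(user_id, secret, token, now=None):
    now = int(time.time()) if now is None else now
    try:
        masked_hex, mask_hex, issued_str = token.split(",")
        masked, mask = bytes.fromhex(masked_hex), bytes.fromhex(mask_hex)
        issued = int(issued_str)
    except ValueError:
        return "malformed"
    if len(masked) != hashlib.sha256().digest_size or len(mask) != len(masked):
        return "malformed"
    expected = _mac(secret, user_id, issued)
    # Constant-time comparison avoids leaking how many MAC bytes matched.
    if not hmac.compare_digest(_xor(masked, mask), expected):
        return "invalid"
    if not 0 <= now - issued <= MAX_AGE:
        return "expired"
    return "ok"
```

The signature is checked before the age, so a token with an altered timestamp is reported as invalid rather than expired.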

Note that resources that are protected against CSRF should also be protected
against a different attack known as clickjacking.  There are many defenses
against clickjacking (which ideally should be combined), but a good start is
sending a `X-Frame-Options' HTTP header set to `DENY' or `SAMEORIGIN'.
See the Wikipedia article on clickjacking
for more information.

This module provides the following functions:


Package Version Architecture Repository
perl-WWW-CSRF - - -


Name Value
/usr/share/perl5 -
perl(Bytes/Random/ -
perl(Digest/ -
perl( -
perl-base >= 1:5.10.0
rpmlib(PayloadIsLzma) -


Name Value
perl(WWW/ = 1.0
perl-WWW-CSRF = 1.00-alt2


Type URL
Binary Package perl-WWW-CSRF-1.00-alt2.noarch.rpm
Source Package perl-WWW-CSRF-1.00-alt2.src.rpm

Install Howto

  1. Add the following line to /etc/apt/sources.list:
    rpm [Sisyphus] noarch autoimports
  2. Update the package index:
    # sudo apt-get update
  3. Install perl-WWW-CSRF rpm package:
    # sudo apt-get install perl-WWW-CSRF



See Also

Package Description
perl-WWW-Cache-Google-0.04-alt1.noarch.rpm perl module WWW-Cache-Google
perl-WWW-Chain-0.003-alt1.noarch.rpm A web request chain
perl-WWW-Challonge-1.01-alt1.noarch.rpm Perl wrapper for the Challonge API
perl-WWW-CheckGzip-0.05-alt1.noarch.rpm check web pages for correct gzipping of content
perl-WWW-CheckGzip-scripts-0.05-alt1.noarch.rpm WWW-CheckGzip scripts
perl-WWW-CheckHTML-0.05-alt1.noarch.rpm check remote website HTML and send email alert via SMTP if check fails
perl-WWW-CheckPad-0.035-alt1.noarch.rpm An API to control the check*pad (
perl-WWW-ClickSource-0.8-alt1.noarch.rpm Determine the source of a visit on your website : organic, adwords, facebook, referer site
perl-WWW-CloudCreator-1.1-alt1.noarch.rpm A weighted cloud creator
perl-WWW-Cloutree-1.01-alt1.noarch.rpm Perl interface to Cloutree CDN
perl-WWW-Codeguard-0.10-alt1.noarch.rpm Perl interface to interact with the Codeguard API
perl-WWW-Coderwall-0.003-alt1.noarch.rpm Simple Perl interface to the coderwall API
perl-WWW-ColiPoste-0.03-alt1.noarch.rpm Fetch shipping status from ColiPoste
perl-WWW-ColiPoste-scripts-0.03-alt1.noarch.rpm WWW-ColiPoste scripts
perl-WWW-Comic-1.06-alt1.noarch.rpm Retrieve comic strip images