diff options
| author | markd <markd@pkgsrc.org> | 2014-09-04 22:01:35 +0000 |
|---|---|---|
| committer | markd <markd@pkgsrc.org> | 2014-09-04 22:01:35 +0000 |
| commit | ac154211bb2d688a3177438e135699a21d054362 (patch) | |
| tree | eaa1374e35c246991a68ccc5a69b9c5697409425 /www | |
| parent | daa56af05a287433e30730532eeaf4edc71d0441 (diff) | |
| download | pkgsrc-ac154211bb2d688a3177438e135699a21d054362.tar.gz | |
Import p5-WWW-CSRF 1.00
This module generates tokens to help protect against a website attack
known as Cross-Site Request Forgery (CSRF, also known as XSRF). CSRF
is an attack where an attacker fools a browser into make a request to
a web server for which that browser will automatically include some
form of credentials (cookies, cached HTTP Basic authentication, etc.),
thus abusing the web server's trust in the user for malicious use.
The most common CSRF mitigation is sending a special, hard-to-guess
token with every request, and then require that any request that is
not idempotent (i.e., has side effects) must be accompanied with such
a token. This mitigation depends critically on the fact that while an
attacker can easily make the victim's browser make a request, the
browser security model (same-origin policy, or SOP for short) prevents
third-party sites from reading the results of that request.
Diffstat (limited to 'www')
| -rw-r--r-- | www/p5-WWW-CSRF/DESCR | 14 | ||||
| -rw-r--r-- | www/p5-WWW-CSRF/Makefile | 19 | ||||
| -rw-r--r-- | www/p5-WWW-CSRF/distinfo | 5 |
3 files changed, 38 insertions, 0 deletions
diff --git a/www/p5-WWW-CSRF/DESCR b/www/p5-WWW-CSRF/DESCR new file mode 100644 index 00000000000..c744e4e85a4 --- /dev/null +++ b/www/p5-WWW-CSRF/DESCR @@ -0,0 +1,14 @@ +This module generates tokens to help protect against a website attack +known as Cross-Site Request Forgery (CSRF, also known as XSRF). CSRF +is an attack where an attacker fools a browser into make a request to +a web server for which that browser will automatically include some +form of credentials (cookies, cached HTTP Basic authentication, etc.), +thus abusing the web server's trust in the user for malicious use. + +The most common CSRF mitigation is sending a special, hard-to-guess +token with every request, and then require that any request that is +not idempotent (i.e., has side effects) must be accompanied with such +a token. This mitigation depends critically on the fact that while an +attacker can easily make the victim's browser make a request, the +browser security model (same-origin policy, or SOP for short) prevents +third-party sites from reading the results of that request. diff --git a/www/p5-WWW-CSRF/Makefile b/www/p5-WWW-CSRF/Makefile new file mode 100644 index 00000000000..0f994c47087 --- /dev/null +++ b/www/p5-WWW-CSRF/Makefile @@ -0,0 +1,19 @@ +# $NetBSD: Makefile,v 1.1 2014/09/04 22:01:35 markd Exp $ + +DISTNAME= WWW-CSRF-1.00 +PKGNAME= p5-${DISTNAME} +CATEGORIES= www perl5 +MASTER_SITES= ${MASTER_SITE_PERL_CPAN:=WWW/} +LICENSE= ${PERL5_LICENSE} + +MAINTAINER= pkgsrc-users@NetBSD.org +HOMEPAGE= http://search.cpan.org/dist/WWW-CSRF/ +COMMENT= Generate and check tokens to protect against CSRF attacks + +DEPENDS+= p5-Bytes-Random-Secure>=0.26:../../security/p5-Bytes-Random-Secure +DEPENDS+= p5-Digest-HMAC-[0-9]*:../../security/p5-Digest-HMAC + +PERL5_PACKLIST= auto/WWW/CSRF/.packlist + +.include "../../lang/perl5/module.mk" +.include "../../mk/bsd.pkg.mk" diff --git a/www/p5-WWW-CSRF/distinfo b/www/p5-WWW-CSRF/distinfo new file mode 100644 index 00000000000..f866bf3e35c --- /dev/null +++ b/www/p5-WWW-CSRF/distinfo @@ -0,0 +1,5 @@ +$NetBSD: distinfo,v 1.1 2014/09/04 22:01:35 markd Exp $ + +SHA1 (WWW-CSRF-1.00.tar.gz) = 9868f810646815d4f6b4d1717dfaf21d901e76a5 +RMD160 (WWW-CSRF-1.00.tar.gz) = 3455d1851451d51e4bd52e7fc1b3443537110fdb +Size (WWW-CSRF-1.00.tar.gz) = 5176 bytes |