diff options
Diffstat (limited to 'www/p5-WWW-CSRF')
| -rw-r--r-- | www/p5-WWW-CSRF/DESCR | 14 | ||||
| -rw-r--r-- | www/p5-WWW-CSRF/Makefile | 19 | ||||
| -rw-r--r-- | www/p5-WWW-CSRF/distinfo | 5 |
3 files changed, 38 insertions, 0 deletions
diff --git a/www/p5-WWW-CSRF/DESCR b/www/p5-WWW-CSRF/DESCR new file mode 100644 index 00000000000..c744e4e85a4 --- /dev/null +++ b/www/p5-WWW-CSRF/DESCR @@ -0,0 +1,14 @@ +This module generates tokens to help protect against a website attack +known as Cross-Site Request Forgery (CSRF, also known as XSRF). CSRF +is an attack where an attacker fools a browser into make a request to +a web server for which that browser will automatically include some +form of credentials (cookies, cached HTTP Basic authentication, etc.), +thus abusing the web server's trust in the user for malicious use. + +The most common CSRF mitigation is sending a special, hard-to-guess +token with every request, and then require that any request that is +not idempotent (i.e., has side effects) must be accompanied with such +a token. This mitigation depends critically on the fact that while an +attacker can easily make the victim's browser make a request, the +browser security model (same-origin policy, or SOP for short) prevents +third-party sites from reading the results of that request. diff --git a/www/p5-WWW-CSRF/Makefile b/www/p5-WWW-CSRF/Makefile new file mode 100644 index 00000000000..0f994c47087 --- /dev/null +++ b/www/p5-WWW-CSRF/Makefile @@ -0,0 +1,19 @@ +# $NetBSD: Makefile,v 1.1 2014/09/04 22:01:35 markd Exp $ + +DISTNAME= WWW-CSRF-1.00 +PKGNAME= p5-${DISTNAME} +CATEGORIES= www perl5 +MASTER_SITES= ${MASTER_SITE_PERL_CPAN:=WWW/} +LICENSE= ${PERL5_LICENSE} + +MAINTAINER= pkgsrc-users@NetBSD.org +HOMEPAGE= http://search.cpan.org/dist/WWW-CSRF/ +COMMENT= Generate and check tokens to protect against CSRF attacks + +DEPENDS+= p5-Bytes-Random-Secure>=0.26:../../security/p5-Bytes-Random-Secure +DEPENDS+= p5-Digest-HMAC-[0-9]*:../../security/p5-Digest-HMAC + +PERL5_PACKLIST= auto/WWW/CSRF/.packlist + +.include "../../lang/perl5/module.mk" +.include "../../mk/bsd.pkg.mk" diff --git a/www/p5-WWW-CSRF/distinfo b/www/p5-WWW-CSRF/distinfo new file mode 100644 index 00000000000..f866bf3e35c --- /dev/null +++ b/www/p5-WWW-CSRF/distinfo @@ -0,0 +1,5 @@ +$NetBSD: distinfo,v 1.1 2014/09/04 22:01:35 markd Exp $ + +SHA1 (WWW-CSRF-1.00.tar.gz) = 9868f810646815d4f6b4d1717dfaf21d901e76a5 +RMD160 (WWW-CSRF-1.00.tar.gz) = 3455d1851451d51e4bd52e7fc1b3443537110fdb +Size (WWW-CSRF-1.00.tar.gz) = 5176 bytes |