www/p5-WWW-CSRF - The NetBSD Packages Collection

Generate and check tokens to protect against CSRF attacks

This module generates tokens to help protect against a website attack
known as Cross-Site Request Forgery (CSRF, also known as XSRF). CSRF
is an attack where an attacker fools a browser into make a request to
a web server for which that browser will automatically include some
form of credentials (cookies, cached HTTP Basic authentication, etc.),
thus abusing the web server's trust in the user for malicious use.

The most common CSRF mitigation is sending a special, hard-to-guess
token with every request, and then require that any request that is
not idempotent (i.e., has side effects) must be accompanied with such
a token. This mitigation depends critically on the fact that while an
attacker can easily make the victim's browser make a request, the
browser security model (same-origin policy, or SOP for short) prevents
third-party sites from reading the results of that request.

Build dependencies

pkgtools/mktools pkgtools/cwrappers

Runtime dependencies

security/p5-Bytes-Random-Secure security/p5-Digest-HMAC lang/perl5 lang/perl5

Binary packages

OSArchitectureVersion
NetBSD 10.0aarch64p5-WWW-CSRF-1.00nb9.tgz
NetBSD 10.0aarch64p5-WWW-CSRF-1.00nb8.tgz
NetBSD 10.0aarch64p5-WWW-CSRF-1.00nb9.tgz
NetBSD 10.0aarch64ebp5-WWW-CSRF-1.00nb9.tgz
NetBSD 10.0aarch64ebp5-WWW-CSRF-1.00nb9.tgz
NetBSD 10.0alphap5-WWW-CSRF-1.00nb9.tgz
NetBSD 10.0earmv6hfp5-WWW-CSRF-1.00nb9.tgz
NetBSD 10.0earmv6hfp5-WWW-CSRF-1.00nb8.tgz
NetBSD 10.0earmv6hfp5-WWW-CSRF-1.00nb9.tgz
NetBSD 10.0earmv7hfp5-WWW-CSRF-1.00nb9.tgz
NetBSD 10.0earmv7hfp5-WWW-CSRF-1.00nb8.tgz
NetBSD 10.0earmv7hfp5-WWW-CSRF-1.00nb9.tgz
NetBSD 10.0i386p5-WWW-CSRF-1.00nb9.tgz
NetBSD 10.0i386p5-WWW-CSRF-1.00nb9.tgz
NetBSD 10.0powerpcp5-WWW-CSRF-1.00nb9.tgz
NetBSD 10.0x86_64p5-WWW-CSRF-1.00nb9.tgz
NetBSD 10.0_BETAx86_64p5-WWW-CSRF-1.00nb9.tgz
NetBSD 8.0i386p5-WWW-CSRF-1.00nb9.tgz
NetBSD 8.0i386p5-WWW-CSRF-1.00nb8.tgz
NetBSD 8.0i386p5-WWW-CSRF-1.00nb9.tgz
NetBSD 8.0powerpcp5-WWW-CSRF-1.00nb8.tgz
NetBSD 8.0powerpcp5-WWW-CSRF-1.00nb9.tgz
NetBSD 8.0powerpcp5-WWW-CSRF-1.00nb9.tgz
NetBSD 8.0x86_64p5-WWW-CSRF-1.00nb9.tgz
NetBSD 8.0x86_64p5-WWW-CSRF-1.00nb8.tgz
NetBSD 8.0x86_64p5-WWW-CSRF-1.00nb9.tgz
NetBSD 9.0aarch64p5-WWW-CSRF-1.00nb9.tgz
NetBSD 9.0aarch64p5-WWW-CSRF-1.00nb8.tgz
NetBSD 9.0aarch64p5-WWW-CSRF-1.00nb9.tgz
NetBSD 9.0alphap5-WWW-CSRF-1.00nb8.tgz
NetBSD 9.0alphap5-WWW-CSRF-1.00nb9.tgz
NetBSD 9.0earmv6hfp5-WWW-CSRF-1.00nb9.tgz
NetBSD 9.0earmv6hfp5-WWW-CSRF-1.00nb8.tgz
NetBSD 9.0earmv6hfp5-WWW-CSRF-1.00nb9.tgz
NetBSD 9.0earmv7hfp5-WWW-CSRF-1.00nb9.tgz
NetBSD 9.0earmv7hfp5-WWW-CSRF-1.00nb8.tgz
NetBSD 9.0earmv7hfp5-WWW-CSRF-1.00nb9.tgz
NetBSD 9.0i386p5-WWW-CSRF-1.00nb9.tgz
NetBSD 9.0i386p5-WWW-CSRF-1.00nb9.tgz
NetBSD 9.0powerpcp5-WWW-CSRF-1.00nb9.tgz
NetBSD 9.0powerpcp5-WWW-CSRF-1.00nb8.tgz
NetBSD 9.0powerpcp5-WWW-CSRF-1.00nb8.tgz
NetBSD 9.0powerpcp5-WWW-CSRF-1.00nb9.tgz
NetBSD 9.0sparc64p5-WWW-CSRF-1.00nb8.tgz
NetBSD 9.0sparcp5-WWW-CSRF-1.00nb8.tgz
NetBSD 9.0x86_64p5-WWW-CSRF-1.00nb9.tgz
NetBSD 9.0x86_64p5-WWW-CSRF-1.00nb9.tgz
NetBSD 9.3x86_64p5-WWW-CSRF-1.00nb9.tgz
NetBSD 9.3x86_64p5-WWW-CSRF-1.00nb9.tgz

Binary packages can be installed with the high-level tool pkgin (which can be installed with pkg_add) or pkg_add(1) (installed by default). The NetBSD packages collection is also designed to permit easy installation from source.

Available build options

(none)

Known vulnerabilities

The pkg_admin audit command locates any installed package which has been mentioned in security advisories as having vulnerabilities.

Please note the vulnerabilities database might not be fully accurate, and not every bug is exploitable with every configuration.


Problem reports, updates or suggestions for this package should be reported with send-pr.