Bruce Gust
What's the difference between "crypto" and "csrf?"
I realize I might be getting into some detail that isn't especially necessary, but I'm interested nevertheless.
In Node, you have the ability to secure your online transactions through a CSRF token. Anytime I'm using a form, I can assert a CSRF token to ensure that the system isn't being breached by some sinister party.
I'm going through a portion of a tutorial right now where I'm sending an email to someone who needs to reset their password. A part of the URL that they click on to do that includes a random value that's being generated using a NodeJs library called "crypto."
My question is: What's the difference?
They both appear to be random values and they both appear to be doing the same thing as far as adding a layer of security. But what makes them different?
Thanks!
I marked the above as the solution. The function is more likely get_random_bytes()
ASKER
Thank you, guys!
Please see https://stackoverflow.com/questions/5207160/what-is-a-csrf-token-what-is-its-importance-and-how-does-it-work
The token will be constantly changing. For what you used, http://examplebank.com/transfer?payaccount:123456789;amount:10000;token:123438385659339209387653, the token will change, and using the original token or no token will be rejected.
I'm going through a portion of a tutorial right now where I'm sending an email to someone who needs to reset their password. A part of the URL that they click on to do that includes a random value that's being generated using a NodeJs library called "crypto."
Crypto has many functions; one of them is to make a SHA1 hash.
var crypto = require('crypto')
, text = 'username'
, key = 'thisisnotthekey'
, hash
hash = crypto.createHmac('sha1', key).update(text).digest('
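
The difference asked about in this thread, as an added example that is not part of the original posts: both tokens can come from Node's `crypto.randomBytes`, but a CSRF token is bound to one logged-in session and checked on each form submission, while a password-reset token stands in for a user who has no session, so it is stored only as a hash, expires, and works once. The function names, the plain session object, the in-memory `Map` and the one-hour lifetime are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// CSRF token: proves a form post came from a page this session was served.
// It lives in the server-side session and is echoed back in a hidden form field.
function issueCsrfToken(session) {
  session.csrfToken = crypto.randomBytes(32).toString('hex');
  return session.csrfToken;
}

function verifyCsrfToken(session, submitted) {
  if (typeof submitted !== 'string' || !session.csrfToken) return false;
  const expected = Buffer.from(session.csrfToken);
  const actual = Buffer.from(submitted);
  // Constant-time comparison; timingSafeEqual requires equal lengths.
  return expected.length === actual.length &&
    crypto.timingSafeEqual(expected, actual);
}

// Reset token: identifies a user who cannot log in, so it acts as a
// temporary credential. Only its SHA-256 digest is kept server-side.
const resetStore = new Map(); // digest -> { userId, expires } (stand-in for a DB table)

function sha256Hex(value) {
  return crypto.createHash('sha256').update(value).digest('hex');
}

function issueResetToken(userId, now = Date.now(), ttlMs = 60 * 60 * 1000) {
  const token = crypto.randomBytes(32).toString('hex');
  resetStore.set(sha256Hex(token), { userId, expires: now + ttlMs });
  return token; // placed in the e-mailed URL, never stored in clear
}

function redeemResetToken(token, now = Date.now()) {
  if (typeof token !== 'string') return null;
  const digest = sha256Hex(token);
  const entry = resetStore.get(digest);
  if (!entry) return null;
  resetStore.delete(digest); // single use, whether or not it has expired
  return now <= entry.expires ? entry.userId : null;
}
```
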