HASH Message Digest Framework
- Introduction
- Installing/Configuring
- Predefined Constants
- Hash Functions
- hash_algos — Return a list of registered hashing algorithms
- hash_copy — Copy hashing context
- hash_file — Generate a hash value using the contents of a given file
- hash_final — Finalize an incremental hash and return resulting digest
- hash_hmac_file — Generate a keyed hash value using the HMAC method and the contents of a given file
- hash_hmac — Generate a keyed hash value using the HMAC method
- hash_init — Initialize an incremental hashing context
- hash_pbkdf2 — Generate a PBKDF2 key derivation of a supplied password
- hash_update_file — Pump data into an active hashing context from a file
- hash_update_stream — Pump data into an active hashing context from an open stream
- hash_update — Pump data into an active hashing context
- hash — Generate a hash value (message digest)
Коментарии
Hashes are important to fix CSRF vulnerabilities - for example somebody could link to the upvote arrow on this page and post a link to someplace like Reddit.
Example:
http://us2.php.net/manual/vote-note.php?id=XXXXX&page=function.hash-algos&vote=up
Then people would visit the link in their browser (or load it an in iFrame etc) and it would upvote the link without their knowledge or consent.
If a has was generated for each viewer then you couldn't accomplish this ;)