Removing content from database, security precautions

Question

UPDATE:

I added the CSRF protection like Berdir told me, with the help of the link below to make my application work again. However.. I'm not quite sure what I did right now :D How is this going to make my app more secure? I'm particularly bothered by the fact that I'm now getting a cookie value in my ajax code, because I have to pass it with my ajax call.. otherwise it just doesn't work. Doesn't this give away some crucial information about the cookie? Or am I just being paranoid. Thanks!

http://aymsystems.com/ajax-csrf-protection-codeigniter-20

//old Hi.

In this web app I'm building, I have a functionality to add 'tips and tricks' about certain subjects. These pages can be added only by accounts with the admin role. However, I also want the ability to remove these pages. (Always handy, right). Since I'm using CodeIgniter, I was thinking of just making a controller function which takes an ID, and passes this ID to the model where the page corresponding to that ID would get deleted from the database.

Just to make this clear:

Controller:

public function del_content($id)
{
    $this->content_model->del_content($id)
}

Model:

public function del_content($id)
{
    // database code which I can't be bothered to look up now
    // something like $this->db->where(), $this->db->delete()
}

This is all really simple, but I'm scared that it might be too simple. This doesn't really seem oh so very secure to me, is it? Since you would be able to call the function from the URL address bar in your browser, you could basically remove the whole content table through that. (Since you'd be doing http://mywebsite/controller/del_content/3 for the item with ID 3). Of course, only administrator accounts would have access to that function, but still..

I have never programmed anything like this before and thus never had to think about the security measures I should take in this case. Would anyone be kind enough to give me some things I should keep an eye out for and perhaps some ideas, suggestions, on how to make this more secure?

Thanks a lot!

Answer 1

What you need to protect against are CSRF attacks. Put simply, they are attacks which trick administrators into visiting a certain URL by GET or POST request.

The typical way to do that are tokens. When generating the link or form that points to the delete action, you generate a token that you send to the client (either as hidden form field or as part of the GET URL), also store it on the server for the current session and when that action is executed, you compare the submitted and the stored token and only continue if they match.

Many frameworks/systems have this built-in in some ways, for example are all forms generated with the Form API in Drupal protected against such attacks.