John W. Holmes on Tuesday, October 21, 2003 5:30 PM said:
Not a good method. If I get on your site and see my cookie has the
value 241757219 in it, I just need to subtract one from the number
and revisit your site. Now I'm the user who registered before me.
Using the rand() or uniqid() method above means I have to guess an
entire random number / character sequence, which is going to be
harder (or nearly impossible).
But that would require that you register immediately after the person before you. Then you could compare the two numbers and figure out what the base number is, but that seems REALLY unlikely.
Can you explain it a little differently, maybe?
I only have to register once to see what kind of data you're storing in the cookie. If you're just relying on that number, all I have to do is change it to become another user. I don't need to know about your "base number" or anything, just send another number and see what happens.
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
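The fix John is arguing for, as an added example that is not code from the thread: the cookie carries an opaque random token with no relation to any user number, and the server alone maps tokens to users. The store is an in-memory array here and the `issueSession`/`resolveSession` names are assumed for illustration; a real site would use a database table keyed by the token hash.

```php
<?php
// Added example: opaque session tokens instead of a sequential user ID.
// Changing a digit of the cookie value no longer lands on another user,
// because the value encodes nothing about how users were numbered.

// Hypothetical server-side store: sha256(token) => user id.
$sessions = [];

function issueSession(array &$sessions, int $userId): string
{
    // 32 bytes from the OS CSPRNG (PHP 7+): 256 bits of entropy, so an
    // attacker cannot reach a neighbouring account by adding or
    // subtracting one as with a sequential number.
    $token = bin2hex(random_bytes(32));
    // Keep only a hash server-side; a leaked table yields no usable cookies.
    $sessions[hash('sha256', $token)] = $userId;
    return $token;
}

function resolveSession(array $sessions, ?string $token): ?int
{
    // Reject anything that is not exactly 64 hex characters before lookup.
    if ($token === null || strlen($token) !== 64 || !ctype_xdigit($token)) {
        return null; // malformed cookie: treat as not logged in
    }
    return $sessions[hash('sha256', $token)] ?? null;
}

// Demonstration with two constructed users registered back to back.
$cookieForUser42 = issueSession($sessions, 42);
$cookieForUser43 = issueSession($sessions, 43);

// In the real handler the token would be sent with restrictive flags, e.g.
// setcookie('sid', $cookieForUser42,
//     ['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);

var_dump(resolveSession($sessions, $cookieForUser42)); // int(42)

// The attack from the thread: tamper with the value and resend it.
// Flipping the last hex digit produces a token nobody was ever issued.
$tampered = substr($cookieForUser42, 0, -1)
    . ($cookieForUser42[63] === '0' ? '1' : '0');
var_dump(resolveSession($sessions, $tampered)); // NULL, not user 41 or 43
```

Because the server rejects unknown tokens, the only way to act as user 43 is to hold the token that was actually issued to user 43, which is why the tokens also need HttpOnly and Secure cookie flags so they are not exposed to scripts or plaintext transport.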